[USN-4973-1] Python vulnerability

==========================================================================
Ubuntu Security Notice USN-4973-1
June 01, 2021

python3.8 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS

Summary:

Python could allow unintended access to network services.

Software Description:
- python3.8: An interactive high-level object-oriented language

Details:

It was discovered that the Python stdlib ipaddress API incorrectly handled octal strings. A remote attacker could possibly use this issue to perform a wide variety of attacks, including bypassing certain access restrictions.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10:
  python3.8                       3.8.6-1ubuntu0.3
  python3.8-minimal               3.8.6-1ubuntu0.3

Ubuntu 20.04 LTS:
  python3.8                       3.8.5-1~20.04.3
  python3.8-minimal               3.8.5-1~20.04.3

In general, a standard system update will make all the necessary changes.

References:
  ubuntu.com/security/notices/USN-4973-1
  CVE-2021-29921

Package Information:
  launchpad.net/ubuntu/+source/python3.8/3.8.6-1ubuntu0.3
  launchpad.net/ubuntu/+source/python3.8/3.8.5-1~20.04.3
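
Added example, not part of the Ubuntu notice or of Python itself: for the octal-string handling described in USN-4973-1, an affected ipaddress read an octet such as "012" as decimal 12, while parsers that follow the C inet_aton convention read it as octal 10, so an address filter and the component that later connects can disagree. The sketch below rejects leading-zero octets before any policy check, so it behaves the same on patched and unpatched interpreters; the names strict_ipv4, readings, is_allowed and the BLOCKED list are hypothetical, and the sample addresses are constructed.

```python
import ipaddress

# Constructed policy for this example: networks a service must not reach.
BLOCKED = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "127.0.0.0/8", "192.168.0.0/16")]


def strict_ipv4(text):
    """Parse dotted-decimal IPv4, refusing any octet with a leading zero.

    The check runs before ipaddress is called, so the outcome does not
    depend on whether the interpreter carries the fix.
    """
    octets = text.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected 4 octets in {text!r}")
    for octet in octets:
        if not (octet.isascii() and octet.isdigit()) or len(octet) > 3:
            raise ValueError(f"bad octet {octet!r} in {text!r}")
        if len(octet) > 1 and octet[0] == "0":
            raise ValueError(f"ambiguous leading zero in {octet!r}")
        if int(octet) > 255:
            raise ValueError(f"octet {octet!r} out of range")
    return ipaddress.IPv4Address(text)


def readings(text):
    """Return (decimal reading, octal reading) of a well-formed dotted quad."""
    octets = text.split(".")
    decimal = ".".join(str(int(o, 10)) for o in octets)
    octal = ".".join(str(int(o, 8)) if len(o) > 1 and o[0] == "0" else o
                     for o in octets)
    return decimal, octal


def is_allowed(text):
    """Fail closed: anything strict_ipv4 rejects is denied."""
    try:
        addr = strict_ipv4(text)
    except ValueError:
        return False
    return not any(addr in net for net in BLOCKED)


if __name__ == "__main__":
    # Constructed samples: plain public, plain blocked, ambiguous.
    for sample in ("8.8.8.8", "10.1.2.3", "012.1.2.3"):
        print(sample, readings(sample), is_allowed(sample))
```

The ambiguous sample is denied outright rather than normalised, which removes the disagreement between the two readings instead of picking one of them.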

[USN-4972-1] PostgreSQL vulnerabilities

==========================================================================
Ubuntu Security Notice USN-4972-1
June 01, 2021

postgresql-10, postgresql-12, postgresql-13 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.04
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in PostgreSQL.

Software Description:
- postgresql-13: Object-relational SQL database
- postgresql-12: Object-relational SQL database
- postgresql-10: Object-relational SQL database

Details:

Tom Lane discovered that PostgreSQL incorrectly handled certain array subscripting calculations. An authenticated attacker could possibly use this issue to overwrite server memory and escalate privileges. (CVE-2021-32027)

Andres Freund discovered that PostgreSQL incorrectly handled certain INSERT … ON CONFLICT … DO UPDATE commands. A remote attacker could possibly use this issue to read server memory and obtain sensitive information. (CVE-2021-32028)

Tom Lane discovered that PostgreSQL incorrectly handled certain UPDATE … RETURNING commands. A remote attacker could possibly use this issue to read server memory and obtain sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-32029)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.04:
  postgresql-13                   13.3-0ubuntu0.21.04.1

Ubuntu 20.10:
  postgresql-12                   12.7-0ubuntu0.20.10.1

Ubuntu 20.04 LTS:
  postgresql-12                   12.7-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  postgresql-10                   10.17-0ubuntu0.18.04.1

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes.

References:
  ubuntu.com/security/notices/USN-4972-1
  CVE-2021-32027, CVE-2021-32028, CVE-2021-32029

Package Information:
  launchpad.net/ubuntu/+source/postgresql-13/13.3-0ubuntu0.21.04.1
  launchpad.net/ubuntu/+source/postgresql-12/12.7-0ubuntu0.20.10.1
  launchpad.net/ubuntu/+source/postgresql-12/12.7-0ubuntu0.20.04.1
  launchpad.net/ubuntu/+source/postgresql-10/10.17-0ubuntu0.18.04.1

[USN-4971-1] libwebp vulnerabilities

==========================================================================
Ubuntu Security Notice USN-4971-1
June 01, 2021

libwebp vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.04
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

libwebp could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description:
- libwebp: Lossy compression of digital photographic images.

Details:

It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.04:
  libwebp6                        0.6.1-2ubuntu0.21.04.1
  libwebpdemux2                   0.6.1-2ubuntu0.21.04.1
  libwebpmux3                     0.6.1-2ubuntu0.21.04.1

Ubuntu 20.10:
  libwebp6                        0.6.1-2ubuntu0.20.10.1
  libwebpdemux2                   0.6.1-2ubuntu0.20.10.1
  libwebpmux3                     0.6.1-2ubuntu0.20.10.1

Ubuntu 20.04 LTS:
  libwebp6                        0.6.1-2ubuntu0.20.04.1
  libwebpdemux2                   0.6.1-2ubuntu0.20.04.1
  libwebpmux3                     0.6.1-2ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  libwebp6                        0.6.1-2ubuntu0.18.04.1
  libwebpdemux2                   0.6.1-2ubuntu0.18.04.1
  libwebpmux3                     0.6.1-2ubuntu0.18.04.1

In general, a standard system update will make all the necessary changes.

References:
  ubuntu.com/security/notices/USN-4971-1
  CVE-2018-25009, CVE-2018-25010, CVE-2018-25011, CVE-2018-25012,
  CVE-2018-25013, CVE-2018-25014, CVE-2020-36328, CVE-2020-36329,
  CVE-2020-36330, CVE-2020-36331, CVE-2020-36332

Package Information:
  launchpad.net/ubuntu/+source/libwebp/0.6.1-2ubuntu0.21.04.1
  launchpad.net/ubuntu/+source/libwebp/0.6.1-2ubuntu0.20.10.1
  launchpad.net/ubuntu/+source/libwebp/0.6.1-2ubuntu0.20.04.1
  launchpad.net/ubuntu/+source/libwebp/0.6.1-2ubuntu0.18.04.1

[USN-4970-1] GUPnP vulnerability

==========================================================================
Ubuntu Security Notice USN-4970-1
June 01, 2021

gupnp vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.04
- Ubuntu 20.10
- Ubuntu 20.04 LTS

Summary:

GUPnP could allow unintended access to network services.

Software Description:
- gupnp: framework for creating UPnP devices and control points

Details:

It was discovered that GUPnP incorrectly filtered local requests. If a user were tricked into visiting a malicious website, a remote attacker could possibly use this issue to perform actions against local UPnP services such as obtaining or altering sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.04:
  libgupnp-1.2-0                  1.2.4-1ubuntu0.21.04.1

Ubuntu 20.10:
  libgupnp-1.2-0                  1.2.4-1ubuntu0.20.10.1

Ubuntu 20.04 LTS:
  libgupnp-1.2-0                  1.2.3-0ubuntu0.20.04.2

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  ubuntu.com/security/notices/USN-4970-1
  CVE-2021-33516

Package Information:
  launchpad.net/ubuntu/+source/gupnp/1.2.4-1ubuntu0.21.04.1
  launchpad.net/ubuntu/+source/gupnp/1.2.4-1ubuntu0.20.10.1
  launchpad.net/ubuntu/+source/gupnp/1.2.3-0ubuntu0.20.04.2