2695 matches found
USN-2820-1 GnuTLS vulnerability | Cloud Foundry
USN-2820-1 GnuTLS vulnerability High Vendor GnuTLS Versions Affected Ubuntu 14.04 Description It was discovered that GnuTLS incorrectly validated the first byte of padding in CBC modes. A remote attacker could possibly use this issue to perform a padding oracle attack. The Cloud Foundry project...
USN-2820-1 dpkg vulnerability | Cloud Foundry
USN-2820-1 dpkg vulnerability Medium Vendor dpkg Versions Affected Ubuntu 14.04 Description Hanno Boeck discovered that the dpkg-deb tool incorrectly handled certain old style Debian binary packages. If a user or an automated system were tricked into unpacking a specially crafted binary package, ...
USN-2815-1 PNG vulnerability | Cloud Foundry
USN-2815-1 PNG vulnerability Medium Vendor PNG Versions Affected Ubuntu 14.04 Description Qixue Xiao discovered that libpng incorrectly handled certain time values. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to...
USN-2787-1 audiofile vulnerability | Cloud Foundry
USN-2787-1 audiofile vulnerability Medium Vendor audiofile Versions Affected Ubuntu 14.04 Description Fabrizio Gennari discovered that audiofile incorrectly handled changing both the sample format and the number of channels. If a user or automated system were tricked into processing a specially...
USN-2812-1 libxml2 vulnerability | Cloud Foundry
USN-2812-1 libxml2 vulnerability Medium Vendor libxml2 Versions Affected Ubuntu 14.04 Description Florian Weimer discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause...
USN-2810-1 Kerberos vulnerability | Cloud Foundry
USN-2810-1 Kerberos vulnerability Medium Vendor Kerberos Versions Affected Ubuntu 14.04 Description It was discovered that Kerberos incorrectly handled null bytes in certain data fields. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that the...
USN-2788-1 and USN-2788-2 unzip vulnerability | Cloud Foundry
USN-2788-1 and USN-2788-2 unzip vulnerability Medium Vendor unzip Versions Affected Ubuntu 14.04 Description Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system were tricked into processing a specially crafted zip archive, an...
USN-2806-1 Linux kernel vulnerability | Cloud Foundry
USN-2806-1 Linux kernel vulnerability High Vendor Vivid Versions Affected Ubuntu 14.04 Description Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a...
USN-2798-1 Linux kernel vulnerability | Cloud Foundry
USN-2798-1 Linux kernel vulnerability Medium Vendor Vivid Versions Affected Ubuntu 14.04 Description It was discovered that in certain situations, a directory could be renamed outside of a bind mounted location. An attacker could use this to escape bind mount containment and gain access to...
USN-2778-1 Linux kernel vulnerabilities | Cloud Foundry
USN-2778-1 Linux kernel vulnerabilities Medium Vendor Vivid Versions Affected Ubuntu 14.04 Description It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a...
USN-2767-1 GDK-Pixbuf library vulnerability | Cloud Foundry
USN-2767-1 GDK-Pixbuf library vulnerability Medium Vendor GDK Pixbuf Versions Affected Ubuntu 14.04 Description Gustavo Grieco discovered that the GDK-PixBuf library did not properly handle scaling tga image files, leading to a heap overflow. If a user or automated system were tricked into openin...
USN-2711-1 Net-SNMP Vulnerabilities | Cloud Foundry
USN-2711-1 Net-SNMP Vulnerabilities Low to Medium Vendor Canonical Ubuntu Versions Affected libsnmp30 5.7.2dfsg-8.1ubuntu3.1 Description Net-SNMP could be made to crash or run programs if it received specially crafted network traffic. It was discovered that Net-SNMP incorrectly handled certain tr...
USN-2756-1 rpcbind Vulnerability | Cloud Foundry
USN-2756-1 rpcbind Vulnerability Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description rpcbind could be made to crash or run programs if it received specially crafted network traffic. It was discovered that rpcbind incorrectly handled certain memory structures. A...
USN-2722-1 GDK-PixBuf Vulnerabilities | Cloud Foundry
USN-2722-1 GDK-PixBuf Vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected libgdk-pixbuf2.0-0 2.30.7-0ubuntu1.1 Description It was discovered that GDK-PixBuf incorrectly handled scaling bitmap images. If a user or automated system were tricked into opening a BMP image file, a remote...
USN-2751-1 Linux Kernel (Vivid HWE) Vulnerability | Cloud Foundry
USN-2751-1 Linux Kernel Vivid HWE Vulnerability Medium to Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Several security issues were fixed in the kernel. Benjamin Randazzo discovered an information leak in the md multiple device driver when the bitmapinfo.fi...
Golang 1.4.3 CVE Fixes | Cloud Foundry
Golang 1.4.3 CVE Fixes Low Vendor Google Versions Affected Golang v1.4.2 and lower Description Several security issues were fixed in Go’s net / http package. The CVE issue descriptions and fixes are linked below: CVE-2015-5739 – ‘Content Length’ treated as valid header:...
USN-2740-1 ICU Vulnerabilities | Cloud Foundry
USN-2740-1 ICU Vulnerabilities Medium to Low Vendor Canonical Ubuntu Versions Affected icu – International Components for Unicode library Description Atte Kettunen discovered that ICU incorrectly handled certain converter names. If an application using ICU processed crafted data, a remote attacke...
USN-2765-1 Linux Kernel (Vivid HWE) Vulnerability | Cloud Foundry
USN-2765-1 Linux Kernel Vivid HWE Vulnerability High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their...
USN-2739-1 FreeType Vulnerabilities | Cloud Foundry
USN-2739-1 FreeType Vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected libfreetype6 2.5.2-1ubuntu2.5 – FreeType 2 is a font engine library Description It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially...
USN-2718-1 Address Configuration Change Vulnerabilities | Cloud Foundry
USN-2718-1 Address Configuration Change Vulnerabilities Medium Vendor Vivid Versions Affected Ubuntu 14.04 Description Marcelo Ricardo Leitner discovered a race condition in the Linux kernel’s SCTP address configuration lists when using Address Configuration Change ASCONF options on a socket. An...