UBUNTU-CVE-2024-38636

In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list 1, kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 test gap zone support with F2FS failed runtime...

UBUNTU-CVE-2022-48767

In the Linux kernel, the following vulnerability has been resolved: ceph: properly put cephstring reference after async create attempt The reference acquired by tryprepasynccreate is currently leaked. Ensure we put it...

UBUNTU-CVE-2022-48725

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix refcounting leak in siwcreateqp The atomicinc needs to be paired with an atomicdec on the error path...

UBUNTU-CVE-2024-35863

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in isvalidoplockbreak Skip sessions that are being teared down status == SESEXITING to avoid UAF...

UBUNTU-CVE-2024-35848

In the Linux kernel, the following vulnerability has been resolved: eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the...

UBUNTU-CVE-2024-26931

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 1 SMP NOPTI CPU: 27...

UBUNTU-CVE-2024-26857

In the Linux kernel, the following vulnerability has been resolved: geneve: make sure to pull inner header in geneverx syzbot triggered a bug in geneverx 1 Issue is similar to the one I fixed in commit 8d975c15c0cd "ip6tunnel: make sure to pull inner header in ip6tnlrcv" We have to save...

UBUNTU-CVE-2024-0450

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

UBUNTU-CVE-2024-28180

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

UBUNTU-CVE-2023-52573

In the Linux kernel, the following vulnerability has been resolved: net: rds: Fix possible NULL-pointer dereference In rdsrdmacmeventhandlercmn check, if conn pointer exists before dereferencing it as rdmasetservicetype argument Found by Linux Verification Center linuxtesting.org with SVACE...

UBUNTU-CVE-2021-47057

In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ss - Fix memory leak of object d when dmaiv fails to map In the case where the dmaiv mapping fails, the return error path leaks the memory allocated to object d. Fix this by adding a new error return label and jumpi...

UBUNTU-CVE-2022-24723

URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse ca...

UBUNTU-CVE-2021-3939

Ubuntu-specific modifications to accountsservice in patch file debian/patches/0010-set-language.patch caused the fallbacklocale variable, pointing to static storage, to be freed, in the userchangelanguageauthorizedcb function. This is reachable via the SetLanguage dbus function. This is fixed in...

DEBIAN-CVE-2021-3493

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow...

UBUNTU-CVE-2020-27755

in SetImageExtent of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. Th...

USN-4640-1 pulseaudio vulnerability

James Henstridge discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle snap client connections. An attacker could possibly use this to expose sensitive information...

Vulnerabilities fixed in OpenLDAP

Several vulnerabilities have been fixed in OpenLDAP. The vulnerabilities allow an unauthenticated malicious person with network access to the OpenLDAP server is able to cause a denial-of-service on the OpenLDAP service. Exploit code is publicly available for both vulnerabilities. The operation of...

UBUNTU-CVE-2018-16227

The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-80211.c for the Mesh Flags subfield...

CVE-2018-10187

In radare2 2.5.0, there is a heap-based buffer over-read in the dalvikop function libr/anal/p/analdalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. Note that this issue is different from CVE-2018-8809, which was patched earlier...

UBUNTU-CVE-2017-16528

sound/core/seqdevice.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service sndrawmididevseqfree use-after-free and system crash or possibly have unspecified other impact via a crafted USB device...