10891 matches found
USN-4320-1: Linux kernel vulnerability
Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly expose sensitive information kernel memory...
USN-4254-2: Linux kernel (Xenial HWE) vulnerabilities
USN-4254-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. It was discovered that the Linux kernel did not properly clear data structures on...
USN-3775-1: Linux kernel vulnerabilities
It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. CVE-2018-15594 It was...
USN-4971-1: libwebp vulnerabilities
It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary co...
USN-4967-1: nginx vulnerability
Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4402-1: curl vulnerabilities
Marek Szlagor, Gregory Jefferis and Jeroen Ooms discovered that curl incorrectly handled certain credentials. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. CVE-2020-8169 It was discovered that curl incorrectl...
USN-4094-1: Linux kernel vulnerabilities
It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. CVE-2018-13053 Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track...
USN-3990-1: urllib3 vulnerabilities
It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handled cross-origin redirects. This could result in credentials being sent to unintended hosts. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. CVE-2018-20060 It was discovered that...
USN-6251-1: Linux kernel vulnerabilities
It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-3090 Sh...
USN-5090-1: Apache HTTP Server vulnerabilities
James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. CVE-2021-33193 It was discovered that the Apache HTTP Server incorrectly handled...
USN-4752-1: Linux kernel (OEM) vulnerabilities
Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proxima...
USN-3778-1: Firefox vulnerabilities
A crash was discovered in TransportSecurityInfo used for SSL, which could be triggered by data stored in the local cache directory. An attacker could potentially exploit this in combination with another vulnerability that allowed them to write data to the cache, to execute arbitrary code...
USN-5001-1: Linux kernel (OEM) vulnerabilities
Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. CVE-2021-3609 Mathy Vanhoef discovered that the Linux kernel’s WiFi implementati...
USN-4016-1: Vim vulnerabilities
It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. CVE-2017-5953 It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to...
USN-4004-1: Berkeley DB vulnerability
It was discovered that Berkeley DB incorrectly handled certain inputs. An attacker could possibly use this issue to read sensitive information...
USN-6852-1: Wget vulnerability
It was discovered that Wget incorrectly handled semicolons in the userinfo subcomponent of a URI. A remote attacker could possibly trick a user into connecting to a different host than expected...
USN-5537-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.30 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Ubuntu 18.04 LTS has been updated to MySQL 5.7.39. In addition to security fixes, the updated...
USN-5407-1: Cairo vulnerabilities
Gustavo Grieco, Alberto Garcia, Francisco Oca, Suleman Ali, and others discovered that Cairo incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. CVE-2016-9082, CVE-2017-9814, CVE-2019-6462 Stephan Bergmann discovered that Cairo incorrectly...
USN-3859-1: libarchive vulnerabilities
It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-1000880 affected only Ubuntu 18.04 LTS and Ubuntu 18.10. CVE-2018-1000877, CVE-2018-1000878, CVE-2018-1000880 It was discovered that...
USN-4734-1: wpa_supplicant and hostapd vulnerabilities
It was discovered that wpasupplicant did not properly handle P2P Wi-Fi Direct group information in some situations, leading to a heap overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2021-0326 It was discovered that...
USN-4308-1: Twisted vulnerabilities
it was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. CVE-2019-12387 It was discovered that Twisted incorrectly verified XMPP TLS...
USN-3782-1: Liblouis vulnerabilities
Henri Salo discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. CVE-2018-12085 It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Thi...
USN-3990-2: urllib3 vulnerability
USN-3990-1 fixed a vulnerability in urllib3. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection...
USN-5337-1: Linux kernel vulnerabilities
It was discovered that the BPF verifier in the Linux kernel did not properly restrict pointer types in certain situations. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-23222 Yiqi Sun and Kevin Wang discovered that the cgrou...
USN-5212-1: Apache HTTP Server vulnerabilities
It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly perform a Server Side Request Forgery attack. CVE-2021-44224 It was discovered that...
USN-4878-1: Linux kernel vulnerabilities
It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-36158 Ryota Shiga discovered that the sockopt BPF hooks in th...
USN-4204-1: psutil vulnerability
Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4047-1: libvirt vulnerabilities
Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to check for arbitrary files, or execute arbitrary binaries. In the default installation, attackers would be isolated by the libvirt AppArmor profile...
USN-3998-1: Evolution Data Server vulnerability
Marcus Brinkmann discovered that Evolution Data Server did not correctly interpret the output from GPG when decrypting encrypted messages. Under certain circumstances, this could result in displaying clear-text portions of encrypted messages as though they were encrypted...
USN-4994-1: Apache HTTP Server vulnerabilities
Marc Stern discovered that the Apache modproxyhttp module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. CVE-2020-13950...
USN-4363-1: Linux kernel vulnerabilities
It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information kernel memory. CVE-2020-11494 It was discovered that the linux kernel did not properly validate certain mount options to the...
USN-7212-1: Python 2.7 vulnerabilities
It was discovered that Python incorrectly handled certain ZIP files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. CVE-2019-9674 It was discovered that Python incorrectly handled certain inputs. If a user or an automated system...
USN-4998-1: Ceph vulnerabilities
It was discovered that in some situations Ceph logged passwords from the mgr module in clear text. An attacker could use this to expose sensitive information. CVE-2020-25678 Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in certain...
USN-4495-1: Apache Log4j vulnerability
It was discovered that Apache Log4j does not properly deserialize untrusted data. An attacker could possibly use this issue to remotely execute arbitrary code. CVE-2019-17571...
USN-5022-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.26 in Ubuntu 20.04 LTS and Ubuntu 21.04. Ubuntu 18.04 LTS has been updated to MySQL 5.7.35. In addition to security fixes, the updated packages...
USN-3934-2: PolicyKit vulnerability
USN-3934-1 fixed a vulnerability in Policykit. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that PolicyKit incorrectly relied on the fork system call in the Linux kernel being atomic. A local attacker could possibly use this issu...
USN-4048-1: Docker vulnerabilities
Aleksa Sarai discovered that Docker was vulnerable to a directory traversal attack. An attacker could use this vulnerability to read and write arbitrary files on the host filesystem as root...
USN-4038-3: bzip2 regression
USN-4038-1 fixed a vulnerability in bzip2. The update introduced a regression causing bzip2 to incorrect raises CRC errors for some files. We apologize for the inconvenience. Original advisory details: It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use...
USN-4038-4: bzip2 regression
USN-4038-1 fixed a vulnerability in bzip2. The update introduced a regression causing bzip2 to incorrect raises CRC errors for some files. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. We apologize for the inconvenience. Original advisory details: It was...
USN-4017-1: Linux kernel vulnerabilities
Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment SACK sequences. A remote attacker could use this to cause a denial of service. CVE-2019-11478 Jonathan Looney discovered that an...
USN-3876-1: Avahi vulnerabilities
Chad Seaman discovered that Avahi incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. CVE-2017-6519, CVE-2018-1000845...
USN-5338-1: Linux kernel vulnerabilities
Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 releaseagent feature. A local attacker could use this to gain administrative privileges. CVE-2022-0492 Jürgen Groß discovered that the Xen subsystem within the...
USN-4658-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-0423 Daniele Antonioli, Nils Ole...
USN-4113-1: Apache HTTP Server vulnerabilities
Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some situations. A remote attacker could use this to cause a denial of service daemon crash. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04...
USN-4070-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.27. In addition to security fixes, the updated packages contain bug fixes, new features,...
USN-4046-1: Irssi vulnerabilities
It was discovered that Irssi incorrectly handled certain disconnections. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. CVE-2018-7054 It was discovered that Irssi incorrectly handled certain requests. An...
USN-3780-1: HAProxy vulnerability
It was discovered that HAProxy incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service...
USN-5248-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions,...
USN-4093-1: Linux kernel vulnerabilities
It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2019-10126 Andrei Vlad Lutas and Dan Lutas discovered that some x86...
USN-5045-1: Linux kernel vulnerabilities
Norbert Slusarek discovered that the CAN broadcast manger bcm protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information kernel memory. CVE-2021-34693 It was discovered that the bluetooth...