10890 matches found
USN-4319-1: Linux kernel vulnerabilities
It was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service kernel memory exhaustion. CVE-2019-19046 Al Viro discovered that the vfs layer in the Linux...
USN-4070-3: MariaDB vulnerabilities
USN-4070-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2758, CVE-2019-2805, CVE-2019-2628, CVE-2019-2627, CVE-2019-2614 in MariaDB 10.3. Ubuntu 19.04 has been updated to MariaDB 10.3.17. In additio...
USN-4082-1: Subversion vulnerabilities
Ace Olszowka discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserver to crash, resulting in a denial of service. CVE-2018-11782 Tomas Bortoli discovered that Subversion incorrectly handled certain svnserve...
USN-3957-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04 have been updated to MySQL 5.7.26. In addition to security fixes, the updated packages contain bug fixes,...
USN-3922-3: PHP vulnerabilities
USN-3922-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. CVE-2019-9022 It was discovered that PHP...
USN-3947-1: Libxslt vulnerability
It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information...
USN-3903-1: Linux kernel vulnerabilities
Jason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds write vulnerability. An attacker in a guest virtual machine could use this to cause a denial of service host system crash or possibly execute arbitrary code in the host kernel. CVE-2018-16880 Jann Horn...
USN-3742-2: Linux kernel (Trusty HWE) vulnerabilities
USN-3742-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 for Ubuntu 12.04 ESM. It was discovered that memory present in the L1 data cache of an Intel CPU core may be...
USN-3678-1: Linux kernel vulnerabilities
Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service system crash when mounted. CVE-2018-1092 It was discovered...
USN-3674-2: Linux kernel (Trusty HWE) vulnerabilities
USN-3674-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the netfilter subsystem of the Linux kernel did not properly...
USN-3646-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibly use this issue to obtain sensitive information from another user's PHP applications. CVE-2018-10545 It was discovered that the PHP iconv stream filter incorrect handl...
USN-3542-1: Linux kernel vulnerabilities
Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provide...
USN-3296-1: Samba vulnerability
It was discovered that Samba incorrectly handled shared libraries. A remote attacker could use this flaw to upload a shared library to a writable share and execute arbitrary code...
USN-3141-1: Thunderbird vulnerabilities
Christian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of...
USN-6819-1: Linux kernel vulnerabilities
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service system crash. CVE-2023-6356, CVE-2023-6535, CVE-2023-6536 Chenyuan...
USN-5920-1: Linux kernel vulnerabilities
It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...
USN-5906-1: PostgreSQL vulnerability
Jacob Champion discovered that the PostgreSQL client incorrectly handled Kerberos authentication. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to obtain sensitive information...
USN-5370-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, execute script unexpectedly, obtain sensitive information, conduct spoofing attacks, or execute arbitrary...
USN-5306-1: WebKitGTK vulnerabilities
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-5305-1: MariaDB vulnerabilities
Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.34 in Ubuntu 20.04 LTS and to 10.5.15 in Ubuntu 21.10. In addition to security fixes, the updated packages contain bug fixes, new feature...
USN-5283-1: Tar for Node.js vulnerability
It was discovered that Tar for Node.js did not properly sanitize path inputs. An attacker could possibly use this issue to read arbitrary files, resulting in a directory traversal attack...
USN-5108-1: libntlm vulnerability
It was discovered that Libntlm incorrectly handled specially crafted NTML requests. An attacker could possibly use this issue to cause a denial of service or another unspecified impact...
USN-5068-1: GD library vulnerabilities
It was discovered that GD Graphics Library incorrectly handled certain GD and GD2 files. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM. CVE-2017-6363 I...
USN-5023-1: Aspell vulnerability
It was discovered that Aspell incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash...
USN-4937-1: GNOME Autoar vulnerability
Ondrej Holy discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution...
USN-4927-1: File Roller vulnerability
It was discovered that File Roller incorrectly handled symlinks. An attacker could possibly use this issue to expose sensitive information...
USN-4888-1: ldb vulnerabilities
Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain LDAP attributes. A remote attacker could possibly use this issue to cause the LDAP server to crash, resulting in a denial of service. CVE-2021-20277 Douglas Bagnall discovered that ldb, when used with Samba,...
USN-4759-1: GLib vulnerabilities
Krzesimir Nowak discovered that GLib incorrectly handled certain large buffers. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2021-27218 Kevin Backhouse discovered that GLib incorrect...
USN-4676-1: OpenEXR vulnerabilities
It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...
USN-4561-1: Rack vulnerabilities
It was discovered that Rack incorrectly handled certain paths. An attacker could possibly use this issue to obtain sensitive information. CVE-2020-8161 It was discovered that Rack incorrectly validated cookies. An attacker could possibly use this issue to forge a secure cookie. CVE-2020-8184...
USN-4512-1: util-linux vulnerability
It was discovered that the umount bash completion script shipped in util-linux incorrectly handled certain mountpoints. If a local attacker were able to create arbitrary mountpoints, another user could be tricked into executing arbitrary code when attempting to run the umount command with bash...
USN-4389-1: Linux kernel vulnerabilities
It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information kernel memory. CVE-2020-0067 It was discovered that memory contents...
USN-4331-1: WebKitGTK+ vulnerability
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-4315-1: Apport vulnerabilities
Maximilien Bourgeteau discovered that the Apport lock file was created with insecure permissions. This could allow a local attacker to escalate their privileges via a symlink attack. CVE-2020-8831 Maximilien Bourgeteau discovered a race condition in Apport when setting crash report permissions...
USN-4263-2: Sudo vulnerability
USN-4263-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibl...
USN-4220-1: Git vulnerabilities
Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory...
USN-4137-1: Mosquitto vulnerability
It was discovered that Mosquitto incorrectly handled certain specially crafted input and network packets. A remote attacker could use this to cause a denial of service...
USN-4124-2: Exim vulnerability
USN-4124-1 fixed a vulnerability in Exim. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands...
USN-4027-1: PostgreSQL vulnerability
Alexander Lakhin discovered that PostgreSQL incorrectly handled authentication. An authenticated attacker or a rogue server could use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases...
USN-3918-2: Firefox vulnerabilities
USN-3918-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit...
USN-3695-1: Linux kernel vulnerabilities
Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly initialize the crc32c checksum driver. A local attacker could use this to cause a denial of service system crash. CVE-2018-1094 It was discovered that the cdrom driver in the Linux kernel contained an...
USN-3371-1: Linux kernel (HWE) kernel vulnerabilities
It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information kernel memory. CVE-2014-9900 Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture ALSA subsystem i...
USN-3212-1: LibTIFF vulnerabilities
It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges...
USN-2673-1: Thunderbird vulnerabilities
Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property...
USN-1041-1: Linux kernel vulnerabilities
Louis Rilling and Matthieu Fertré reported a use after free error in the Linux kernel's futexwait function. A local user could exploit this flaw to cause a denial of service system crash or possibly gain privileges via a specially crafted application. CVE-2014-0205 Ben Hawkes discovered that the...
USN-320-1: PHP vulnerabilities
The phpinfo PHP function did not properly sanitize long strings. A remote attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo. Please note that it is not recommended to publicly expose phpinfo. CVE-2006-0996 An...
USN-6952-1: Linux kernel vulnerabilities
Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to...
USN-6819-4: Linux kernel (Oracle) vulnerabilities
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service system crash. CVE-2023-6356, CVE-2023-6535, CVE-2023-6536 Chenyuan...
USN-6588-1: PAM vulnerability
Matthias Gerstner discovered that the PAM pamnamespace module incorrectly handled special files when performing directory checks. A local attacker could possibly use this issue to cause PAM to stop responding, resulting in a denial of service...
USN-5850-1: Linux kernel vulnerabilities
It was discovered that the Bluetooth HCI implementation in the Linux kernel did not properly deallocate memory in some situations. An attacker could possibly use this cause a denial of service memory exhaustion. CVE-2022-3619 It was discovered that the Broadcom FullMAC USB WiFi driver in the Linu...