10876 matches found
USN-3153-1: Oxide vulnerabilities
Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting XSS attacks, read uninitialized memory, obtain sensitive information, spoof the webview URL, bypass...
USN-1368-1: Apache HTTP Server vulnerabilities
It was discovered that the Apache HTTP Server incorrectly handled the SetEnvIf .htaccess file directive. An attacker having write access to a .htaccess file may exploit this to possibly execute arbitrary code. CVE-2011-3607 Prutha Parikh discovered that the modproxy module did not properly intera...
USN-853-2: Firefox and Xulrunner regression
USN-853-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream changes introduced regressions that could lead to crashes when processing certain malformed GIF images, fonts and web pages. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Alin Ra...
USN-5404-1: Rsyslog vulnerability
Pieter Agten discovered that Rsyslog incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash...
USN-5399-1: libvirt vulnerabilities
It was discovered that libvirt incorrectly handled certain locking operations. A local attacker could possibly use this issue to cause libvirt to stop accepting connections, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2021-3667 It was discovered that libvirt...
USN-5291-1: libarchive vulnerabilities
It was discovered that libarchive incorrectly handled symlinks. If a user or automated system were tricked into processing a specially crafted archive, an attacker could possibly use this issue to change modes, times, ACLs, and flags on arbitrary files. CVE-2021-23177, CVE-2021-31566 It was...
USN-5075-1: Ghostscript vulnerability
It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service...
USN-4975-2: Django vulnerability
USN-4975-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Rasmus Lerchedahl Petersen and Rasmus Wriedt Larsen discovered that Django incorrectly handled path sanitation in admindocs. A remote attacker could possibly...
USN-4914-1: NetworkManager vulnerability
It was discovered that NetworkManager incorrectly handled certain profiles. A local attacker could possibly use this issue to cause NetworkManager to crash, resulting in a denial of service...
USN-4881-1: containerd vulnerability
It was discovered that containerd incorrectly handled certain environment variables. Contrary to expectations, a container could receive environment variables defined for a different container, possibly containing sensitive information...
USN-4723-1: PEAR vulnerability
It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code...
USN-4697-2: Pillow vulnerabilities
USN-4697-1 fixed several vulnerabilities in Pillow. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Pillow incorrectly handled certain PCX image files. If a user or automated system were tricked into opening a specially-crafted...
USN-4394-1: SQLite vulnerabilities
It was discovered that SQLite incorrectly handled certain corruped schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. CVE-2018-8740 It was discovered that SQLite incorrectly handled certain SELECT statements. An attacker cou...
USN-4367-2: Linux kernel regression
USN-4367-1 fixed vulnerabilities in the 5.4 Linux kernel. Unfortunately, that update introduced a regression in overlayfs. This update corrects the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the btrfs implementation in the Linux kernel did not...
USN-4324-1: Linux kernel vulnerabilities
Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly expose sensitive information kernel memory. CVE-2020-8428 Shijie Luo discovered that the ext4 file system...
USN-4213-1: Squid vulnerabilities
Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. CVE-2019-12523 Jeriko One...
USN-4133-1: Wireshark vulnerabilities
It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file...
USN-4131-1: VLC vulnerabilities
It was discovered that VLC incorrectly handled certain media files. If a user were tricked into opening a specially-crafted file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4088-1: PHP vulnerability
It was discovered that PHP incorrectly handled certain regular expressions. An attacker could possibly use this issue to expose sensitive information, cause a denial of service or execute arbitrary code...
USN-3967-1: FFmpeg vulnerabilities
It was discovered that FFmpeg contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause a denial of service via application crash...
USN-3895-1: LDB vulnerability
It was discovered that LDB incorrectly handled certain search expressions. A remote attacker could possibly use this issue to cause the Samba LDAP process to crash, resulting in a denial of service...
USN-3644-1: OpenJDK 8 vulnerabilities
It was discovered that the Security component of OpenJDK did not correctly perform merging of multiple sections for the same file listed in JAR archive file manifests. An attacker could possibly use this to modify attributes in a manifest without invalidating the signature. CVE-2018-2790 Francesc...
USN-3321-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information or execute arbitrary...
USN-3181-1: OpenSSL vulnerabilities
Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were...
USN-3077-1: OpenJDK 6 vulnerabilities
A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. CVE-2016-3458 Multiple vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker...
USN-2956-1: ubuntu-core-launcher vulnerability
Zygmunt Krynicki discovered that ubuntu-core-launcher did not properly sanitize its input and contained a logic error when determining the mountpoint of bind mounts when using snaps on Ubuntu classic systems eg, traditional desktop and server. If a user were tricked into installing a malicious sn...
USN-2363-2: Bash vulnerability
USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS package. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Tavis Ormandy discovered that the security fix for...
USN-1681-3: Firefox regression
USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, some translations became unusable after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill...
USN-1186-1: Linux kernel vulnerabilities
Dan Rosenberg discovered that IPC structures were not correctly initialized on 64bit systems. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. CVE-2010-4073 Steve Chen discovered that setsockopt did not correctly check MSS values. A local attacker cou...
USN-1093-1: Linux Kernel vulnerabilities (Marvell Dove)
Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. A local attacker could exploit this gain root privileges. CVE-2010-3904 Nelson Elhage discovered several problems with the Acorn Econet protocol driver. A local user could cause a denial of service...
USN-713-1: openjdk-6 vulnerabilities
It was discovered that Java did not correctly handle untrusted applets. If a user were tricked into running a malicious applet, a remote attacker could gain user privileges, or list directory contents. CVE-2008-5347, CVE-2008-5350 It was discovered that Kerberos authentication and RSA public key...
USN-6816-1: Linux kernel vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Zheng Wang discovered that the Broadc...
USN-5968-1: GitPython vulnerability
It was discovered that GitPython did not properly sanitize user inputs for remote URLs in the clone command. By injecting a maliciously crafted remote URL, an attacker could possibly use this issue to execute arbitrary commands on the host...
USN-5916-1: Linux kernel vulnerability
Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...
USN-5880-2: Firefox regressions
USN-5880-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attribute...
USN-5791-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-20421 David Leadbeater...
USN-5514-1: Linux kernel vulnerabilities
It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service system crash. CVE-2022-1195...
USN-5505-1: Linux kernel vulnerabilities
Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. CVE-2021-3609 Likang Luo discovered that a race condition existed in the Bluetoo...
USN-5469-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. CVE-2022-21499 Aaron Adams discovered that the netfilter subsystem in the Linux...
USN-5378-4: Gzip vulnerability
USN-5378-1 fixed a vulnerability in Gzip. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Original advisory details: Cleemy Desu Wayo discovered that Gzip incorrectly handled certain filenames. If a user or automated system were tricked into performing zgrep...
USN-5270-2: MySQL vulnerabilities
USN-5270-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to...
USN-5227-2: Pillow vulnerabilities
USN-5227-1 fixed several vulnerabilities in Pillow. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a...
USN-5142-1: Samba vulnerabilities
Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could possibly use this issue to downgrade connections to plaintext authentication. CVE-2016-2124 Andrew Bartlett discovered that Samba incorrectly mapping domain users to local users. An...
USN-5137-2: Linux kernel vulnerabilities
It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service system crash or possibly execute arbitrary code...
USN-5116-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information WiFi network traffic. CVE-2020-3702 Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not...
USN-5102-1: Mercurial vulnerabilities
It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this issue to write arbitrary files to the target’s filesystem. CVE-2019-3902 It was discovered that Mercurial incorrectly handled certain manifest files. An attacker could use this issue to cause a...
USN-4905-2: X.Org X Server vulnerability
USN-4905-1 fixed a vulnerability in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain lengths of XInput extension ChangeFeedbackControl requests. An attacker could us...
USN-4955-1: Please vulnerabilities
Matthias Gerstner discovered that Please contained multiple security issues. A local attacker could use these issues to cause Please to crash, resulting in a denial of service, or possibly escalate privileges...
USN-4918-3: ClamAV regression
USN-4918-1 fixed vulnerabilities in ClamAV. The updated package could fail to properly scan in some situations. This update fixes the problem. Original advisory details: It was discovered that ClamAV incorrectly handled parsing Excel documents. A remote attacker could possibly use this issue to...
USN-4110-2: Dovecot vulnerability
USN-4110-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to caus...