10891 matches found
USN-5454-1: CUPS vulnerabilities
Joshua Mason discovered that CUPS incorrectly handled the secret key used to access the administrative web interface. A remote attacker could possibly use this issue to open a session as an administrator and execute arbitrary code. CVE-2022-26691 It was discovered that CUPS incorrectly handled...
USN-5174-2: Samba regression
USN-5174-1 fixed vulnerabilities in Samba. Some of the changes introduced a regression in Kerberos authentication in certain environments. Please see the following upstream bug for more information: https://bugzilla.samba.org/showbug.cgi?id=14922 This update fixes the problem. Original advisory...
USN-4472-1: PostgreSQL vulnerabilities
Noah Misch discovered that PostgreSQL incorrectly handled the searchpath setting when used with logical replication. A remote attacker could possibly use this issue to execute arbitrary SQL code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-14349 Andres Freund discover...
USN-4459-1: Salt vulnerabilities
It was discovered that Salt allows remote attackers to determine which files exist on the server. An attacker could use that to extract sensitive information. CVE-2018-15750 It was discovered that Salt has a vulnerability that allows an user to bypass authentication. An attacker could use that to...
USN-4298-2: SQLite vulnerabilities
USN-4298-1 fixed several vulnerabilities in SQLite. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a...
USN-4356-1: Squid vulnerabilities
Jeriko One discovered that Squid incorrectly handled certain Edge Side Includes ESI responses. A malicious remote server could cause Squid to crash, possibly poison the cache, or possibly execute arbitrary code. CVE-2019-12519, CVE-2019-12521 It was discovered that Squid incorrectly handled the...
USN-4328-1: Thunderbird vulnerabilities
It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. CVE-2020-6792 Mutiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an...
USN-4304-1: Ceph vulnerability
Or Friedman discovered that Ceph incorrectly handled disconnects. A remote authenticated attacker could possibly use this issue to cause Ceph to consume resources, leading to a denial of service...
USN-4277-1: libexif vulnerabilities
Liu Bingchang discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. CVE-2016-6328 Lili Xu and Bingchang Li...
USN-4230-1: ClamAV vulnerability
It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service...
USN-4217-1: Samba vulnerabilities
Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. CVE-2019-14861 Isaac Boukris discovered that Samba did not enforce the Kerberos...
USN-4193-1: Ghostscript vulnerability
Paul Manfred and Lukas Schauer discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause...
USN-4101-1: Firefox vulnerability
It was discovered that passwords could be copied to the clipboard from the "Saved Logins" dialog without entering the master password, even when a master password has been set. A local attacker could potentially exploit this to obtain saved passwords...
USN-4097-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2019-11041, CVE-2019-11042...
USN-4084-1: Django vulnerabilities
It was discovered that Django incorrectly handled the Truncator function. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service. CVE-2019-14232 It was discovered that Django incorrectly handled the striptags function. A remote attacke...
USN-3866-3: Ghostscript regression
USN-3866-2 fixed a regression in Ghostscript. The Ghostscript update introduced a new regression that resulted in certain pages being printed with a blue background. This update fixes the problem. Original advisory details: Tavis Ormandy discovered that Ghostscript incorrectly handled certain...
USN-3878-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information host machine kernel memory. CVE-2018-14625 Cfir...
USN-3853-1: GnuPG vulnerability
Ben Fuhrmannek discovered that GnuPG incorrectly handled Web Key Directory lookups. A remote attacker could possibly use this issue to cause a denial of service, or perform Cross-Site Request Forgery attacks...
USN-3763-1: Linux kernel vulnerability
Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service...
USN-3629-2: MySQL vulnerabilities
USN-3629-1 fixed a vulnerability in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.60 in...
USN-3444-1: Linux kernel vulnerabilities
Jan H. Schönherr discovered that the Xen subsystem did not properly handle block IO merges correctly in some situations. An attacker in a guest vm could use this to cause a denial of service host crash or possibly gain administrative privileges in the host. CVE-2017-12134 Andrey Konovalov...
USN-3396-1: OpenJDK 7 vulnerabilities
It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. CVE-2017-10053 It was discovered that the JAR verifier ...
USN-3169-3: Linux kernel (Raspberry Pi 2) vulnerabilities
Baozeng Ding discovered a race condition that could lead to a use-after- free in the Advanced Linux Sound Architecture ALSA subsystem of the Linux kernel. A local attacker could use this to cause a denial of service system crash. CVE-2016-9794 Andrey Konovalov discovered that signed integer...
USN-3166-1: WebKitGTK+ vulnerabilities
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-3134-1: Python vulnerabilities
It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information. CVE-2016-0772 Rémi Rampin discovered that Python would not protect CGI applications from contents of the HTTPPROXY environme...
USN-3071-1: Linux kernel vulnerabilities
Kangjie Lu discovered an information leak in the Reliable Datagram Sockets RDS implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-5244 Yue Cao et al discovered a flaw in the TCP implementation's handling of...
USN-3003-1: Linux kernel vulnerabilities
Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...
USN-2934-1: Thunderbird vulnerabilities
Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denia...
USN-2948-2: Linux kernel (Utopic HWE) regression
USN-2948-1 fixed vulnerabilities in the Ubuntu 14.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect reference counting fix in the radeon driver introduced a regression that could cause a system crash. This update fixes the problem. We apologize for the inconvenience. Original advisory...
USN-2944-1: Libav vulnerabilities
It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program...
USN-2861-1: libpng vulnerabilities
It was discovered that libpng incorrectly handled certain small bit-depth values. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking th...
USN-2810-1: Kerberos vulnerabilities
It was discovered that the Kerberos kpasswd service incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. CVE-2002-2443 It was discovered that Kerberos...
USN-2790-1: NSPR vulnerability
Ryan Sleevi discovered that NSPR incorrectly handled memory allocation. A remote attacker could use this issue to cause NSPR to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-2702-1: Firefox vulnerabilities
Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, Chris Coulson, and Eric Rahm discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via...
USN-2698-1: SQLite vulnerabilities
It was discovered that SQLite incorrectly handled skip-scan optimization. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. CVE-2013-7443 Michal Zalewski...
USN-2654-1: Tomcat vulnerabilities
It was discovered that the Tomcat XML parser incorrectly handled XML External Entities XXE. A remote attacker could possibly use this issue to read arbitrary files. This issue only affected Ubuntu 14.04 LTS. CVE-2014-0119 It was discovered that Tomcat incorrectly handled data with malformed chunk...
USN-2586-1: Linux kernel (OMAP4) vulnerability
It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows using route advertisement RA messages to set the 'hoplimit' to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service IPv6 messages dropped...
USN-2505-1: Firefox vulnerabilities
Matthew Noorenberghe discovered that Mozilla domains in the allowlist could make UITour API calls from background tabs. If one of these domains were compromised and open in a background tab, an attacker could potentially exploit this to conduct clickjacking attacks. CVE-2015-0819 Jan de Mooij...
USN-2271-1: Linux kernel (Saucy HWE) vulnerability
Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x8664 processors. An attacker could exploit this flaw to cause a denial of service System Crash or potential gain administrative privileges...
USN-2239-1: Linux kernel (Saucy HWE) vulnerabilities
Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service system crash or gain administrative privileges. CVE-2014-3153 A flaw was discovered in the Linux kernel virtual machine's kvm validation of interrupt...
USN-2041-1: Linux kernel (Raring HWE) vulnerabilities
A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. CVE-2013-4299 Alan Chester reported a flaw in the IPv6 Stream Control Transmission Protocol SCTP of the Linux kernel. A...
USN-1652-1: Linux kernel (Oneiric backport) vulnerabilities
Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. CVE-2012-0957 Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cau...
USN-1617-1: WebKit vulnerabilities
A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-1355-2: Mozvoikko update
USN-1355-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko package for use with the latest Firefox. Original advisory details: It was discovered that if a user chose to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect...
USN-1285-1: Linux kernel vulnerabilities
Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. CVE-2011-2183 Vasily Averin discovered that the NFS Lock Manager NLM incorrectly handled unlock requests. A...
USN-1253-1: Linux kernel vulnerabilities
Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. CVE-2011-1576 Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly...
USN-1243-1: Linux kernel vulnerabilities
It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. CVE-2011-1479 Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit...
USN-1201-1: Linux kernel vulnerabilities
It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities...
USN-1098-1: vsftpd vulnerability
It was discovered that vsftpd incorrectly handled certain glob expressions. A remote authenticated user could use a crafted glob expression to cause vftpd to consume all resources, leading to a denial of service...
USN-1010-1: OpenJDK vulnerabilities
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a machine-in-the-middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. USN-923-1 disabled SSL/TLS renegotiation...