10904 matches found
USN-5497-1: Libjpeg6b vulnerabilities
It was discovered that Libjpeg6b was not properly performing bounds checks when compressing PPM and Targa image files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-11212 Chijin Zhou discovered that Libjpeg6b was incorrectly handling the EOF character in input...
USN-5183-1: BlueZ vulnerability
Julian Rauchberger discovered that BlueZ incorrectly handled memory when processing SDP attribute requests. A remote attacker could use this issue to cause BlueZ to crash, leading to a denial of service, or possibly execute arbitrary code...
USN-4654-1: PEAR vulnerabilities
It was discovered that PEAR incorrectly sanitized filenames. A remote attacker could possibly use this issue to execute arbitrary code...
USN-4572-2: Spice vulnerability
USN-4572-1 fixed a vulnerability in Spice. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial ...
USN-4563-1: NTP vulnerability
It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer dereference into NTP. An attacker could use this vulnerability to cause a denial of service crash...
USN-4488-1: X.Org X Server vulnerabilities
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the input extension protocol. A local attacker could possibly use this issue to escalate privileges. CVE-2020-14346 Jan-Niklas Sohn discovered that the X.Org X Server incorrectly initialized memory. A local attacker could...
USN-4445-1: Ghostscript vulnerability
It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code,...
USN-4444-1: WebKitGTK vulnerabilities
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-4400-1: nfs-utils vulnerability
It was discovered that the nfs-utils package set incorrect permissions on the /var/lib/nfs directory. An attacker could possibly use this issue to escalate privileges...
USN-4342-1: Linux kernel vulnerabilities
Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2020-11884 It was discovered that t...
USN-4161-1: Linux kernel vulnerability
It was discovered that the IPv6 routing implementation in the Linux kernel contained a reference counting error leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...
USN-3941-1: Lua vulnerability
Fady Othman discovered that Lua incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service...
USN-3918-3: Firefox regression
USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a...
USN-3924-1: mod_auth_mellon vulnerabilities
It was discovered that modauthmellon incorrectly handled certain requests. An attacker could possibly use this issue to redirect a user to a malicious URL. CVE-2019-3877 It was discovered that modauthmellon incorrectly handled certain requests. An attacker could possibly use this issue to access...
USN-3836-2: Linux kernel (HWE) vulnerabilities
USN-3836-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside...
USN-3826-1: QEMU vulnerabilities
Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled NE2000 device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2018-10839 It was discovered that QEMU incorrectly handled the Slirp networking back-en...
USN-3825-1: mod_perl vulnerability
Jan Ingvoldstad discovered that modperl incorrectly handled configuration options to disable being used by unprivileged users, contrary to the documentation. A local attacker could possibly use this issue to execute arbitrary Perl code...
USN-3768-1: Ghostscript vulnerabilities
Tavis Ormandy discovered multiple security issues in Ghostscript. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service...
USN-3697-2: Linux kernel (OEM) vulnerabilities
It was discovered that a null pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service system crash. CVE-2018-1130 Jann Horn discovered that the 32 bit adjtimex syscall implementation for 64 bit...
USN-3687-1: WebKitGTK+ vulnerabilities
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-3522-2: Linux (Xenial HWE) vulnerability
USN-3522-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and indirect...
USN-3477-4: Firefox regression
USN-3477-1 fixed vulnerabilities in Firefox. The update introduced a crash reporting issue where background tab crash reports were sent to Mozilla without user opt-in. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were...
USN-3509-3: Linux kernel regression
USN-3509-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. Unfortunately, it also introduced a regression that prevented the Ceph network filesystem from being used. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Mohamed Ghannam...
USN-3509-1: Linux kernel vulnerabilities
Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem XFRM in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-16939 It was discovered that the Linux kernel did not...
USN-3487-1: Linux kernel vulnerabilities
It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service host OS crash or possibly execute arbitrary code in the host OS. CVE-2017-12188 It was...
USN-3420-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3420-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux...
USN-3392-2: Linux kernel (Xenial HWE) regression
USN-3392-1 fixed a regression in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. USN-3378-2 fixed vulnerabilities in the Linux Hardware Enablement kernel. Unfortunately, ...
USN-3378-1: Linux kernel vulnerabilities
Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2017-7533 It was discovered that the Linux kernel did n...
USN-3368-1: libiberty vulnerabilities
It was discovered that libiberty incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrar...
USN-3190-2: Linux kernel (Raspberry Pi 2) vulnerabilities
Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon mcryptd in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service system crash. CVE-2016-10147 It was discovered that a...
USN-3097-2: Linux kernel (OMAP4) vulnerabilities
Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2016-6828 Pengfei Wang discovered a race condition in the...
USN-3072-1: Linux kernel vulnerabilities
Kangjie Lu discovered an information leak in the Reliable Datagram Sockets RDS implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-5244 Yue Cao et al discovered a flaw in the TCP implementation's handling of...
USN-3038-1: Apache HTTP Server vulnerability
It was discovered that the Apache HTTP Server would set the HTTPPROXY environment variable based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this issue in combination with CGI scripts that honour the HTTPPROXY variable to redirect outgoing HTTP...
USN-3018-2: Linux kernel (Trusty HWE) vulnerabilities
USN-3018-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not...
USN-2950-2: libsoup update
USN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages introduced a compatibility issue with NTLM authentication in libsoup. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jouni Knuutinen discovered that Samba contained multiple flaws ...
USN-2935-3: PAM regression
USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. USN-2935-2 intended to fix the problem but was incomplete for Ubuntu 12.04 LTS. This update fixes the problem in Ubuntu 12.04 LTS. We apologize for the...
USN-2902-1: graphite2 vulnerabilities
Yves Younan discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially- crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute...
USN-2792-1: Linux kernel vulnerabilities
Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service system crash. CVE-2015-7613 It was discovered that the Lin...
USN-2722-1: GDK-PixBuf vulnerability
Gustavo Grieco discovered that GDK-PixBuf incorrectly handled scaling bitmap images. If a user or automated system were tricked into opening a BMP image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-2678-1: Linux kernel vulnerabilities
A flaw was discovered in the user space memory copying for the pipe iovecs in the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service system crash or potentially escalate their privileges. CVE-2015-1805 Daniel Borkmann reported a kernel crash in the Linux...
USN-2643-1: Linux kernel vulnerability
Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system...
USN-2636-1: Linux kernel (Vivid HWE) vulnerabilities
Xiong Zhou discovered a bug in the way the EXT4 filesystem handles fallocate zero range functionality when the page size is greater than the block size. A local attacker could exploit this flaw to cause a denial of service system crash. CVE-2015-0275 Wen Xu discovered a use-after-free flaw in the...
USN-2567-1: NTP vulnerabilities
Miroslav Lichvar discovered that NTP incorrectly validated MAC fields. A remote attacker could possibly use this issue to bypass authentication and spoof packets. CVE-2015-1798 Miroslav Lichvar discovered that NTP incorrectly handled certain invalid packets. A remote attacker could possibly use...
USN-2564-1: Linux kernel (Utopic HWE) vulnerabilities
An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization ASLR protection mechanism. CVE-2015-1593 An information leak was discovered in the Linux Kernel'...
USN-2561-1: Linux kernel (OMAP4) vulnerabilities
It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service system crash or to potentially gain administrative privileges...
USN-2547-1: Mono vulnerabilities
It was discovered that the Mono TLS implementation was vulnerable to the SKIP-TLS vulnerability. A remote attacker could possibly use this issue to perform client impersonation attacks. CVE-2015-2318 It was discovered that the Mono TLS implementation was vulnerable to the FREAK vulnerability. A...
USN-2511-1: Linux kernel vulnerabilities
A race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service memory corruption or panic or possibly have unspecified impact via the keyctl commands. CVE-2014-9529 A memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge...
USN-2447-1: Linux kernel (Utopic HWE) vulnerabilities
Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment SS register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. CVE-2014-9322 An information leak in the Linux kernel was discovered...
USN-2396-1: Linux kernel vulnerabilities
Nadav Amit reported that the KVM Kernel Virtual Machine mishandles noncanonical addresses when emulating instructions that change the rip Instruction Pointer. A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service system crash of the guest. CVE-2014-3647 A flaw...
USN-2378-1: Linux kernel (Trusty HWE) vulnerabilities
Steven Vittitoe reported multiple stack buffer overflows in Linux kernel's magicmouse HID driver. A physically proximate attacker could exploit this flaw to cause a denial of service system crash or possibly execute arbitrary code via specially crafted devices. CVE-2014-3181 Ben Hawkes reported...