10890 matches found
USN-5759-1: LibBPF vulnerabilities
It was discovered that LibBPF incorrectly handled certain memory operations under certain circumstances. An attacker could possibly use this issue to cause LibBPF to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.10. CVE-2021-45940,...
USN-5702-1: curl vulnerabilities
Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. CVE-2022-32221 Hiroki Kurosawa discovered that curl incorrectly handled parsin...
USN-5668-1: Linux kernel vulnerabilities
It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information kernel memory. CVE-2021-4159 It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2...
USN-5491-1: Squid vulnerability
Joshua Rogers discovered that Squid incorrectly handled the Gopher protocol. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service...
USN-5423-1: ClamAV vulnerabilities
Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. CVE-2022-20770 Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote...
USN-5168-1: NSS vulnerability
Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4786-1: Moment.js vulnerabilities
It was discovered that Moment.js mishandled certain regular expressions. An attacker could use this vulnerability to cause a denial of service...
USN-4652-1: SniffIt vulnerability
It was discovered that SniffIt incorrectly handled certain configuration files. An attacker could possibly use this issue to execute arbitrary code...
USN-4634-1: OpenLDAP vulnerabilities
It was discovered that OpenLDAP incorrectly handled certain malformed inputs. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service...
USN-4552-3: Pam-python regression
USN-4552-1 and USN-4552-2 fixed a vulnerability in Pam-python. The update introduced a regression which prevented PAM modules written in Python from importing python modules from site-specific directories. We apologize for the inconvenience. Original advisory details: Malte Kraus discovered that...
USN-4558-1: libapreq2 vulnerabilities
It was discovered that libapreq2 did not properly sanitize the Content-Type field in certain, crafted HTTP requests. An attacker could use this vulnerability to cause libapreq2 to crash...
USN-4530-1: Debian-LAN vulnerabilities
Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation. CVE-2019-3467...
USN-4519-1: PulseAudio vulnerability
Ratchanan Srirattanamet discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle memory under certain error conditions in the Bluez 5 module. An attacker could use this issue to cause PulseAudio to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4407-1: LibVNCServer vulnerabilities
It was discovered that LibVNCServer incorrectly handled decompressing data. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. CVE-2019-15680 It was discovered that an information disclosure vulnerability existed in LibVNCServer when sendin...
USN-4357-1: IPRoute vulnerability
It was discovered that IPRoute incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code...
USN-4329-1: Git vulnerability
Felix Wilhelm discovered that Git incorrectly handled certain URLs that included newlines. A remote attacker could possibly use this issue to trick Git into returning credential information for a wrong host...
USN-4273-1: ReportLab vulnerability
It was discovered that ReportLab incorrectly handled certain XML documents. If a user or automated system were tricked into processing a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary code...
USN-4172-2: file vulnerability
USN-4172-1 fixed a vulnerability in file. This update provides the corresponding update for Ubuntu 12.04 ESM Ubuntu 14.04 ESM. Original advisory details: It was discovered that file incorrectly handled certain malformed files. An attacker could use this issue to cause a denial of service, or...
USN-4139-1: File Roller vulnerability
It was discovered that File Roller incorrectly handled certain TAR files. An attacker could possibly use this issue to overwrite sensitive files during extraction...
USN-3684-2: Perl vulnerability
USN-3684-1 fixed a vulnerability in perl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Perl incorrectly handled certain archive files. An attacker could possibly use this to overwrite arbitrary files...
USN-3660-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, install lightweight themes without user interaction, or...
USN-3595-2: Samba vulnerability
USN-3595-1 fix a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Samba incorrectly validated inputs to the RPC spoolss service. An authenticated attacker could use this issue to cause the service to cras...
USN-3564-1: PostgreSQL vulnerability
It was discovered that PostgreSQL incorrectly handled certain temp files. An attacker could possibly use this to access sensitive information...
USN-3551-1: WebKitGTK+ vulnerabilities
Multiple security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the user interface, or execute arbitrary code. CVE-2018-4088,...
USN-3522-4: Linux kernel (Xenial HWE) regression
USN-3522-2 fixed a vulnerability in the Linux Hardware Enablement kernel for Ubuntu 14.04 LTS to address Meltdown CVE-2017-5754. Unfortunately, that update introduced a regression where a few systems failed to boot successfully. This update fixes the problem. We apologize for the inconvenience...
USN-3522-3: Linux kernel regression
USN-3522-1 fixed a vulnerability in the Linux kernel to address Meltdown CVE-2017-5754. Unfortunately, that update introduced a regression where a few systems failed to boot successfully. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jann Horn...
USN-3510-1: Linux kernel vulnerabilities
Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem XFRM in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-16939 It was discovered that the Linux kernel did not...
USN-3492-1: LibRaw vulnerabilities
It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-3459-2: MySQL vulnerabilities
USN-3459-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to...
USN-3451-1: OpenStack Swift vulnerabilities
It was discovered that OpenStack Swift incorrectly handled tempurls. A remote authenticated user in possession of a tempurl key authorized for PUT could retrieve other objects in the same Swift account. CVE-2015-5223 Romain Le Disez and Örjan Persson discovered that OpenStack Swift incorrectly...
USN-3406-1: Linux kernel vulnerabilities
It was discovered that an out of bounds read vulnerability existed in the associative array implementation in the Linux kernel. A local attacker could use this to cause a denial of service system crash or expose sensitive information. CVE-2016-7914 It was discovered that a NULL pointer dereferenc...
USN-3388-1: Subversion vulnerabilities
Joern Schneeweisz discovered that Subversion did not properly handle host names in 'svn+ssh://' URLs. A remote attacker could use this to construct a subversion repository that when accessed could run arbitrary code with the privileges of the user. CVE-2017-9800 Daniel Shahaf and James McCoy...
USN-3364-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information kernel memory. CVE-2014-9900 It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker...
USN-3344-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3344-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. USN 3334-1 fixed a vulnerability in the Linux kernel. However, that fix introduced...
USN-3199-2: Python Crypto regression
USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python Cryptography Toolkit which was altered when fixing the vulnerability. This update retains the fix for the vulnerability but issues a warning rather...
USN-3187-2: Linux kernel (OMAP4) vulnerabilities
Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service system crash. CVE-2016-9555 It was discovered that multiple memory leaks existed in the XFS implementation in...
USN-3188-1: Linux kernel vulnerability
Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service system crash...
USN-3151-4: Linux kernel (Raspberry Pi 2) vulnerability
Philip Pettersson discovered a race condition in the afpacket implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service system crash or run arbitrary code with administrative privileges...
USN-3149-2: Linux kernel (Trusty HWE) vulnerability
USN-3149-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Philip Pettersson discovered a race condition in the afpacket implementation in the...
USN-3108-1: Bind vulnerability
Toshifumi Sakaguchi discovered that Bind incorrectly handled certain packets with malformed options. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service...
USN-3070-2: Linux kernel (Raspberry Pi 2) vulnerabilities
A missing permission check when settings ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. CVE-2016-1237 Kangjie Lu discovered an information leak in the Reliable Datagram Sockets RDS implementation in the Linux kernel. A local attacke...
USN-3047-2: QEMU regression
USN-3047-1 fixed vulnerabilities in QEMU. The patch to fix CVE-2016-5403 caused a regression which resulted in save/restore failures when virtio memory balloon statistics are enabled. This update temporarily reverts the security fix for CVE-2016-5403 pending further investigation. We apologize fo...
USN-3047-1: QEMU vulnerabilities
Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI controller emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is...
USN-3017-3: Linux kernel (Wily HWE) vulnerabilities
USN-3017-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correct...
USN-3016-2: Linux kernel (Raspberry Pi 2) vulnerabilities
Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPTSOSETREPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service system crash or execute...
USN-3000-1: Linux kernel (Utopic HWE) vulnerabilities
Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...
USN-2993-1: Firefox vulnerabilities
Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel, Sylvestre Ledru, Julian Seward, Olli Pettay, Karl Tomlinson, Christoph Diehl, Julian Hector, Jan de Mooij, Mats Palmgren, and Tooru Fujisawa discovered multiple memory safety issues in Firefox. If a user were tricked in to...
USN-2991-1: nginx vulnerability
It was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service...
USN-2979-4: Linux kernel (Qualcomm Snapdragon) vulnerability
Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service system crash or possibly execute arbitrary code with administrative privilege...
USN-2954-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.12 in Ubuntu 16.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes...