10894 matches found
USN-5782-2: Firefox regressions
USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use th...
USN-5760-1: libxml2 vulnerabilities
It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash. CVE-2022-2309 It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information or cause ...
USN-5714-1: LibTIFF vulnerabilities
It was discovered that LibTIFF incorrectly handled certain memory operations when using tiffcrop. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to cause a denial of service. This issue only affected Ubuntu 22.10. CVE-2022-2519,...
USN-5612-1: Intel Microcode vulnerability
Pietro Borrello, Andreas Kogler, Martin Schwarzl, Daniel Gruss, Michael Schwarz and Moritz Lipp discovered that some Intel processors did not properly clear data between subsequent xAPIC MMIO reads. This could allow a local attacker to compromise SGX enclaves...
USN-5604-1: LibTIFF vulnerabilities
It was discovered that LibTIFF incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. CVE-2022-2867, CVE-2022-2869 It was discovered that LibTIFF incorrectly handled certain files. An attacker could possibly u...
USN-5602-1: Linux kernel (Raspberry Pi) vulnerabilities
Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. CVE-2021-33061 Moshe Kol, Amit Klein and Yossi Gilad discovered that the I...
USN-5576-1: Twisted vulnerability
It was discovered that Twisted incorrectly parsed some types of HTTP requests in its web server implementation. In certain proxy or multi-server configurations, a remote attacker could craft malicious HTTP requests in order to obtain sensitive information...
USN-5483-1: Exempi vulnerabilities
It was discovered that Exempi incorrectly handled certain media files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause Exempi to stop responding or crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-5457-1: WebKitGTK vulnerabilities
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-5445-1: Subversion vulnerabilities
Ace Olszowka discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserver to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. CVE-2018-11782 Tomas Bortoli discovered that Subversion...
USN-5386-1: AIOHTTP vulnerability
Jelmer Vernooij and Beast Glatisant discovered that AIOHTTP incorrectly handled certain URLs, leading to an open redirect attack. A remote attacker could possibly use this issue to perform phishing attacks...
USN-5161-1: Linux kernel vulnerabilities
Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information kernel memory. CVE-2021-3655 It was discovered that the AMD...
USN-5152-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the UI, confuse the user, conduct phishing...
USN-4556-1: netqmail vulnerabilities
It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. CVE-2005-1513, CVE-2005-1514, CVE-2005-1515 It was discovered that netqmail did not properly handle certain inp...
USN-4521-1: pam_tacplus vulnerability
It was discovered that pamtacplus did not properly manage shared secrets if DEBUG loglevel and journald are used. A remote attacker could use this issue to expose sensitive information...
USN-4514-1: libproxy vulnerability
It was discovered that libproxy incorrectly handled certain PAC files. An attacker could possibly use this issue to cause a denial of service...
USN-4478-1: Python-RSA vulnerability
It was discovered that Python-RSA incorrectly handled certain ciphertexts. An attacker could possibly use this issue to obtain sensitive information...
USN-4429-1: Evolution Data Server vulnerability
It was discovered that Evolution Data Server incorrectly handled STARTTLS when using SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack...
USN-4418-1: OpenEXR vulnerabilities
It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...
USN-4417-1: NSS vulnerability
Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered that NSS incorrectly handled RSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover RSA keys...
USN-4403-1: Mutt vulnerability and regression
It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to enable MITM attacks. CVE-2020-14954 This update also address a regression caused in the last update USN-4401-1. It only affected Ubuntu 12.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and...
USN-4360-2: json-c regression
USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak in some scenarios. This update reverts the security fix pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that json-c incorrectly handled certain JSO...
USN-4338-1: re2c vulnerability
Agostino Sarubbo discovered that re2c incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code...
USN-4262-1: OpenStack Keystone vulnerability
Daniel Preussker discovered that OpenStack Keystone incorrectly handled the list credentials API. A user with a role on the project could use this issue to view any other user's credentials...
USN-4233-2: GnuTLS update
USN-4233-1 disabled SHA1 being used for digital signature operations in GnuTLS. In certain network environments, certificates using SHA1 may still be in use. This update adds the %VERIFYALLOWBROKEN and %VERIFYALLOWSIGNWITHSHA1 priority strings that can be used to temporarily re-enable SHA1 until...
USN-4189-1: DPDK vulnerability
Jason Wang discovered that DPDK incorrectly handled certain messages. An attacker in a malicious container could possibly use this issue to cause DPDK to leak resources, resulting in a denial of service...
USN-4038-2: bzip2 vulnerabilities
USN-4038-1 fixed several vulnerabilities in bzip2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a deni...
USN-3894-1: GNOME Keyring vulnerability
It was discovered that GNOME Keyring incorrectly cleared out credentials supplied to the PAM module. A local attacker could possibly use this issue to discover login credentials...
USN-3868-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code...
USN-3747-2: OpenJDK 10 regression
USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS. Unfortunately, that update introduced a regression around accessability support that prevented some Java applications from starting. This update fixes the problem. We apologize for the inconvenience. Original advisory details: I...
USN-3746-1: APT vulnerability
It was discovered that APT incorrectly handled the mirror method mirror://. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages in environments configured to use mirror:// entries...
USN-3698-1: Linux kernel vulnerabilities
It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service system crash. CVE-2017-12154 Fan Wu,...
USN-3686-2: file vulnerabilities
USN-3686-1 fixed a vulnerability in file. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that file incorrectly handled certain magic files. An attacker could use this issue with a specially crafted magic file to cause a denial of...
USN-3680-1: libvirt vulnerability and update
Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update...
USN-3675-1: GnuPG vulnerabilities
Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the...
USN-3606-1: LibTIFF vulnerabilities
It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges...
USN-3544-2: Firefox regressions
USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. I...
USN-3524-1: Linux kernel vulnerability
Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory...
USN-3485-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3485-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the ALSA subsystem of the Linux...
USN-3475-1: OpenSSL vulnerabilities
It was discovered that OpenSSL incorrectly parsed the IPAddressFamily extension in X.509 certificates, resulting in an erroneous display of the certificate in text format. CVE-2017-3735 It was discovered that OpenSSL incorrectly performed the x8664 Montgomery squaring procedure. While unlikely, a...
USN-3470-1: Linux kernel vulnerabilities
Qian Zhang discovered a heap-based buffer overflow in the tipcmsgbuild function in the Linux kernel. A local attacker could use to cause a denial of service system crash or possibly execute arbitrary code with administrative privileges. CVE-2016-8632 Dmitry Vyukov discovered that a race condition...
USN-3454-2: libffi vulnerability
USN-3454-1 fixed a vulnerability in libffi. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that libffi incorrectly enforced an executable stack. An attacker could possibly use this issue, in combination with another vulnerability, ...
USN-3419-1: Linux kernel vulnerabilities
It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service system crash. CVE-2017-1000251 It was discovered that a buffer overflow existed in t...
USN-3346-2: Bind regression
USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem. In addition, this update adds the new root zone key signing key KSK...
USN-3199-3: Python Crypto vulnerability
USN-3199-1 fixed a vulnerability in Python Crypto. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that the ALGnew function in blocktemplace.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability. ...
USN-3385-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3385-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload UFO code...
USN-3380-1: FreeRDP vulnerabilities
It was discovered that FreeRDP incorrectly handled certain width and height values. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. CVE-2014-0250 It was discovered...
USN-3339-2: OpenVPN vulnerability
USN-3339-1 fixed several issues in OpenVPN. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Guido Vranken discovered that OpenVPN incorrectly handled an HTTP proxy with NTLM authentication. A remote attacker could use this issue to cause OpenVPN...
USN-3212-4: LibTIFF vulnerabilities
USN-3212-1 fixed several issues in LibTIFF. This update provides a subset of corresponding update for Ubuntu 12.04 ESM. Mei Wang discovered a multiple integer overflows in LibTIFF which allows remote attackers to cause a denial of service crash or execute arbitrary code via a crafted TIFF image,...
USN-3294-2: Bash vulnerability
USN-3294-1 fixed a vulnerability in Bash. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Bash incorrectly handled the SHELLOPTS and PS4 environment variables. A local attacker could use this issue to execute arbitrary code wit...