10832 matches found
USN-6670-1: php-guzzlehttp-psr7 vulnerabilities
It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use these issues to perform an HTTP header injection attack...
USN-6305-2: PHP vulnerabilities
USN-6305-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to...
USN-6607-1: Linux kernel (Azure) vulnerabilities
It was discovered that the SMB network file sharing protocol implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...
USN-6522-2: FreeRDP vulnerabilities
USN-6522-1 fixed several vulnerabilities in FreeRDP. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: It was discovered that FreeRDP incorrectly handled drive redirection. If a user were tricked into connection to a malicious server, a remote attacker...
USN-6540-1: BlueZ vulnerability
It was discovered that BlueZ did not properly restrict non-bonded devices from injecting HID events into the input subsystem. This could allow a physically proximate attacker to inject keystrokes and execute arbitrary commands whilst the device is discoverable...
USN-6539-1: python-cryptography vulnerabilities
It was discovered that the python-cryptography Cipher.updateinto function would incorrectly accept objects with immutable buffers. This would result in corrupted output, contrary to expectations. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. CVE-2023-23931 It was...
USN-6491-1: Node.js vulnerabilities
Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. CVE-2022-32212 Zeyu Zhang discovered that Node.js incorrectl...
USN-6465-1: Linux kernel vulnerabilities
Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service system crash. CVE-2023-31083 Lin Ma discovered that the Netlink...
USN-6441-3: Linux kernel vulnerabilities
Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service host system crash or...
USN-6446-1: Linux kernel vulnerabilities
Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service host system crash or...
USN-6404-2: Firefox regressions
USN-6404-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted...
USN-6338-2: Linux kernel vulnerabilities
Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-21255 It was discovered that a race condition existed in th...
USN-6351-1: Linux kernel (GKE) vulnerabilities
It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate MFT flags in certain situations. An attacker could use this to construct a malicious NTFS image that, when mounted and operated on, could cause a denial of service system crash. CVE-2022-48425...
USN-6263-2: OpenJDK regression
USN-6263-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when opening APK, ZIP or JAR files in OpenJDK 11 and OpenJDK 17. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Motoyasu Saburi discovered that OpenJDK...
USN-6319-1: AMD Microcode vulnerability
Daniël Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel...
USN-6299-1: poppler vulnerabilities
It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service. CVE-2020-36023, CVE-2020-36024...
USN-6265-1: RabbitMQ vulnerability
It was discovered that RabbitMQ incorrectly handled certain signed-in user credentials. An attacker could possibly use this issue to expose sensitive information...
USN-6264-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...
USN-6247-1: Linux kernel (OEM) vulnerabilities
David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. CVE-2022-2663 It was...
USN-6151-1: Linux kernel (Xilinx ZynqMP) vulnerabilities
It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2021-3669 It was discovered that the KVM VMX implementation in the Linux kernel did no...
USN-6149-1: Linux kernel vulnerabilities
Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrar...
USN-6139-1: Python vulnerability
Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could use this issue to bypass blockinglisting methods. This issue was first addressed in USN-5960-1, but was incomplete. Here we address an additional fix to that issue. CVE-2023-24329...
USN-6079-1: Linux kernel vulnerabilities
It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. CVE-2022-27672 Ziming Zhang discovered that the VMware Virtual GPU DR...
USN-6050-1: Git vulnerabilities
It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwriting some paths. CVE-2023-25652 Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to...
USN-5855-4: ImageMagick vulnerabilities
USN-5855-1 fixed vulnerabilities in ImageMagick. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that ImageMagick incorrectly handled certain PNG images. If a user or automated system were tricked into opening ...
USN-6014-1: Linux kernel vulnerabilities
Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service connection termination or inject forged data. CVE-2020-36516 Ke Sun, Alyssa Milburn,...
USN-5893-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...
USN-5890-1: Open vSwitch vulnerabilities
Qian Chen discovered that Open vSwitch incorrectly handled certain Organization Specific TLVs. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-5798-1: .NET 6 vulnerability
Johan Gorter discovered that .NET 6 incorrectly processed certain invalid HTTP requests. An attacker could possibly use this issue to cause a denial of service condition for an exposed endpoint...
USN-5782-2: Firefox regressions
USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use th...
USN-5772-1: QEMU vulnerabilities
It was discovered that QEMU incorrectly handled bulk transfers from SPICE clients. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. CVE-2021-3682 It...
USN-5739-1: MariaDB vulnerabilities
Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.37 in Ubuntu 20.04 LTS and to 10.6.11 in Ubuntu 22.04 LTS and Ubuntu 22.10. In addition to security fixes, the updated packages contain b...
USN-5700-1: Linux kernel vulnerabilities
David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the iouring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-2602...
USN-5693-1: Linux kernel (OEM) vulnerabilities
David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the iouring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-2602...
USN-5626-2: Bind vulnerabilities
USN-5626-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind incorrectly handled large delegations. A remote attacker...
USN-5616-1: Linux kernel (Intel IoTG) vulnerabilities
Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. CVE-2021-33061 Moshe Kol, Amit Klein and Yossi Gilad discovered that the I...
USN-5612-1: Intel Microcode vulnerability
Pietro Borrello, Andreas Kogler, Martin Schwarzl, Daniel Gruss, Michael Schwarz and Moritz Lipp discovered that some Intel processors did not properly clear data between subsequent xAPIC MMIO reads. This could allow a local attacker to compromise SGX enclaves...
USN-5599-1: Linux kernel (Oracle) vulnerabilities
Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. CVE-2021-33061 Moshe Kol, Amit Klein and Yossi Gilad discovered that the I...
USN-5525-1: Apache XML Security for Java vulnerability
It was discovered that Apache XML Security for Java incorrectly passed a configuration property when creating specific key elements. This allows an attacker to abuse an XPath Transform to extract sensitive information...
USN-5476-1: Liblouis vulnerabilities
Han Zheng discovered that Liblouis incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. This issue was addressed in Ubuntu 21.10 and Ubuntu 22.04 LTS. CVE-2022-26981 It was discovered that Liblouis incorrectly handled certain inputs. An attacker could...
USN-5438-1: HTMLDOC vulnerability
It was discovered that HTMLDOC did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted HTML file, a remote attacker could possibly use this issue to cause HTMLDOC to crash, resulting in a denial of service, or possibly execute arbitrary...
USN-5244-2: DBus vulnerability
USN-5244-1 fixed a vulnerability in DBus. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: Daniel Onaca discovered that DBus contained a use-after-free vulnerability, caused by the incorrect handling of usernames sharing the same...
USN-5173-1: libmodbus vulnerabilities
It was discovered that libmodbus incorrectly handled inputs. An attacker could possibly use this issue to cause a denial of service or other unspecified impact...
USN-4789-1: Apache ZooKeeper vulnerabilities
It was discovered that Apache ZooKeeper incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. CVE-2016-5017 It was discovered that Apache ZooKeeper incorrectly implemented "wchp/wchc" commands. An attacker could...
USN-4766-1: Apache Commons BeanUtils vulnerabilities
It was discovered that Apache Commons BeanUtils improperly handled certain input. An attacker could possibly use this vulnerability to cause a crash or execute arbitrary code...
USN-4573-1: Vino vulnerabilities
Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. CVE-2014-6053 It was discovered that Vino incorrectly handled certain packet lengths. A remote attacker could...
USN-4475-1: Chrony vulnerability
It was discovered that Chrony incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause a denial of service or expose sensitive information...
USN-4471-1: Net-SNMP vulnerabilities
Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An attacker could possibly use this issue to access sensitive information. CVE-2020-15861 It was discovered that Net-SNMP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrar...
USN-4417-2: NSS vulnerability
USN-4417-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered that NSS incorrectly handled RSA key generation. A local attacke...
USN-4418-1: OpenEXR vulnerabilities
It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...