10905 matches found
USN-2182-1: QEMU vulnerabilities
Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. This issue only applied to Ubuntu 13.10 and Ubuntu 14.04 LTS. CVE-2013-4544 Michael S. Tsirkin...
USN-2124-2: OpenJDK 6 regression
USN-2124-1 fixed vulnerabilities in OpenJDK 6. Due to an upstream regression, memory was not properly zeroed under certain circumstances which could lead to instability. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A vulnerability was discovered in...
USN-2087-1: NSPR vulnerability
It was discovered that NSPR incorrectly handled certain malformed X.509 certificates. A remote attacker could use a crafted X.509 certificate to cause NSPR to crash, leading to a denial of service, or possibly execute arbitrary code...
USN-2076-1: Linux kernel (OMAP4) vulnerabilities
Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. CVE-2013-2930 Stephan Mueller reported an erro...
USN-2032-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into connecting to a malicious server, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure. CVE-2013-1741,...
USN-1943-1: Linux kernel (Raring HWE) vulnerabilities
Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that allows for privilege escalation. A local user could exploit this flaw to run commands as root when using the perf tool. CVE-2013-1060 A flaw was discovered in the Xen subsystem of the Linux kernel when it provides read-only...
USN-1914-1: Linux kernel vulnerability
Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges...
USN-1886-1: Puppet vulnerability
It was discovered that Puppet incorrectly handled YAML payloads. An attacker on an untrusted client could use this issue to execute arbitrary code on the primary server...
USN-1838-1: Linux kernel (OMAP4) vulnerabilities
An flaw was discovered in the Linux kernel's perfevents interface. A local user could exploit this flaw to escalate privileges on the system. CVE-2013-2094 A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw...
USN-1745-1: Linux kernel (OMAP4) vulnerability
Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator. CVE-2013-0871 A flaw was discovered in the Edgeort USB serial converter...
USN-1735-1: OpenJDK vulnerabilities
Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenJDK was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. CVE-2013-0169 A...
USN-1644-1: Linux kernel vulnerabilities
Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. CVE-2012-0957 Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit...
USN-1514-1: Linux kernel (OMAP4) vulnerabilities
A flaw was discovered in the Linux kernel's macvtap device driver, which is used in KVM Kernel-based Virtual Machine to create a network bridge between host and guest. A privleged user in a guest could exploit this flaw to crash the host, if the vhostnet module is loaded with the...
USN-1489-1: Linux kernel (Oneiric backport) vulnerability
A flaw was discovered in the Linux kernel's NFSv4 Network file system handling of ACLs access control lists. A remote NFS server attacker could cause a denial of service OOPS...
USN-1409-1: Linux kernel (Oneiric backport) vulnerabilities
Somnath Kotur discovered an error in the Linux kernel's VLAN virtual lan and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service. CVE-2011-3347...
USN-1399-1: gdm-guest-session vulnerability
Ryan Lortie discovered that gdm-guest-session improperly cleaned out certain guest session files. A local attacker could use this issue to delete arbitrary files...
USN-1362-1: Linux kernel vulnerabilities
Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. CVE-2011-3353 A flaw was found in KVM's Programmable Interval Timer PIT. When a virtual interrupt control is not available a local user could use this to caus...
USN-1329-1: Linux kernel (OMAP4) vulnerability
Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service...
USN-1291-1: Linux kernel vulnerabilities
A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. CVE-2011-4077 A flaw was found in the Journaling Block Device JBD. A local attacker able to mount ext3 or ext4 file...
USN-1218-1: Linux kernel vulnerabilities
Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. CVE-2010-4076, CVE-2010-4077 Alex Shi and Eric Dumazet discovered that the network stack...
USN-1135-1: Exim vulnerability
It was discovered that the Exim daemon did not correctly handle certain DKIM identities. A remote attacker could send specially crafted email to run arbitrary code as the Exim user...
USN-1015-1: libvpx vulnerability
Christoph Diehl discovered that libvpx did not properly perform bounds checking. If an application using libvpx opened a specially crafted WebM file, an attacker could cause a denial of service or possibly execute code as the user invoking the program...
USN-992-1: Avahi vulnerabilities
It was discovered that Avahi incorrectly handled certain mDNS query packets when the reflector feature is enabled, which is not the default configuration on Ubuntu. A remote attacker could send crafted mDNS queries and perform a denial of service on the server and on the network. This issue only...
USN-975-2: Firefox and Xulrunner regression
USN-975-1 fixed vulnerabilities in Firefox and Xulrunner. Some users reported stability problems under certain circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Several dangling pointer vulnerabilities were discovered in Firefox. An...
USN-943-1: Thunderbird vulnerabilities
Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. CVE-2010-1199 An integer overflow was discover...
USN-918-1: Samba vulnerability
It was discovered the Samba handled symlinks in an unexpected way when both "wide links" and "UNIX extensions" were enabled, which is the default. A remote attacker could create symlinks and access arbitrary files from the server...
USN-905-1: sudo vulnerabilities
It was discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation...
USN-835-1: neon vulnerabilities
Joe Orton discovered that neon did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications...
USN-830-1: OpenSSL vulnerability
Dan Kaminsky discovered OpenSSL would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation...
USN-808-1: Bind vulnerability
Micha Krause discovered that Bind did not correctly validate certain dynamic DNS update packets. An unauthenticated remote attacker could send specially crafted traffic to crash the DNS server, leading to a denial of service...
USN-802-1: Apache vulnerabilities
It was discovered that modproxyhttp did not properly handle a large amount of streamed data when used as a reverse proxy. A remote attacker could exploit this and cause a denial of service via memory resource consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. CVE-2009-1890 It was...
USN-769-1: libwmf vulnerability
Tavis Ormandy discovered that libwmf incorrectly used memory after it had been freed when using its embedded GD library. If a user or automated system were tricked into opening a crafted WMF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user...
USN-722-1: sudo vulnerability
Harald Koenig discovered that sudo did not correctly handle certain privilege changes when handling groups. If a local attacker belonged to a group included in a "RunAs" list in the /etc/sudoers file, that user could gain root privileges. This was not an issue for the default sudoers file shipped...
USN-719-1: pam-krb5 vulnerabilities
It was discovered that pamkrb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges. CVE-2009-0360 Derek Chan discovered that pamkrb5 incorrectly handled refreshing existing credentials wh...
USN-635-1: xine-lib vulnerabilities
Alin Rad Pop discovered an array index vulnerability in the SDP parser. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. CVE-2008-0073 Luigi Auriemma...
USN-436-2: KTorrent vulnerability
USN-436-1 fixed a vulnerability in KTorrent. The original fix for path traversal was incomplete, allowing for alternate vectors of attack. This update solves the problem. Original advisory details: Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination...
USN-351-1: firefox vulnerabilities
Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript. CVE-2006-4253, CVE-2006-4565, CVE-2006-4566, CVE-2006-4568, CVE-2006-4569 CVE-2006-4571 The NSS library did not...
USN-250-1: Linux kernel vulnerability
Herbert Xu discovered a remote Denial of Service vulnerability in the ICMP packet handler. In some situations a memory allocation was released twice, which led to memory corruption. A remote attacker could exploit this to crash the machine...
USN-103-1: Linux kernel vulnerabilities
Mathieu Lafon discovered an information leak in the ext2 file system driver. When a new directory was created, the ext2 block written to disk was not initialized, so that previous memory contents which could contain sensitive data like passwords became visible on the raw device. This is...
USN-99-1: PHP4 vulnerabilities
Stefano Di Paola discovered integer overflows in PHP's pack and unpack functions. A malicious PHP script could exploit these to break out of safe mode and execute arbitrary code with the privileges of the PHP interpreter. CAN-2004-1018 Note: The second part of CAN-2004-1018 buffer overflow in the...
USN-96-1: mySQL vulnerabilities
Stefano Di Paola discovered three privilege escalation flaws in the MySQL server: - If an authenticated user had INSERT privileges on the 'mysql' administrative database, the CREATE FUNCTION command allowed that user to use libc functions to execute arbitrary code with the privileges of the...
USN-45-1: nasm vulnerability
Jonathan Rockway discovered a locally exploitable buffer overflow in the error function of nasm. If an attacker tricked a user into assembling a malicious source file, they could exploit this to execute arbitrary code with the privileges of the user that runs nasm...
USN-11-1: libgd2 vulnerabilities
Several buffer overflows have been discovered in libgd's PNG handling functions. If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening image. Most importantly, this library is commonly used in PH...
USN-7488-1: Python vulnerabilities
It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery SSRF attack. This issue only affected python 2.7 and python3.4 on Ubuntu 14.04 LTS; python2.7 on Ubuntu 16.04 LTS; python2.7,...
USN-7447-1: Yelp vulnerability
It was discovered that Yelp incorrectly handled paths in ghelp URLs. A remote attacker could use this issue to trick users into opening malicious downloaded help files and exfiltrate sensitive information...
USN-6702-2: Linux kernel vulnerabilities
It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service system crash. CVE-2023-23000 It was discovered that the ARM Mali Display Processor...
USN-6522-2: FreeRDP vulnerabilities
USN-6522-1 fixed several vulnerabilities in FreeRDP. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: It was discovered that FreeRDP incorrectly handled drive redirection. If a user were tricked into connection to a malicious server, a remote attacker...
USN-6540-1: BlueZ vulnerability
It was discovered that BlueZ did not properly restrict non-bonded devices from injecting HID events into the input subsystem. This could allow a physically proximate attacker to inject keystrokes and execute arbitrary commands whilst the device is discoverable...
USN-6524-1: PyPy vulnerability
Nicky Mouha discovered that PyPy incorrectly handled certain SHA-3 operations. An attacker could possibly use this issue to cause PyPy to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-6502-2: Linux kernel (Oracle) vulnerabilities
Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. CVE-2023-25775 Yu Hao discover...