10918 matches found
USN-4765-1: The Sleuth Kit vulnerabilities
It was discovered that The Sleuth Kit did not properly handle certain entires in FAT file systems. An attacker could use this vulnerability to mislead an analyst and obscure their activities. This issue only affected Ubuntu 14.04 ESM. CVE-2012-5619 It was discovered that The Sleuth Kit mishandled...
USN-4764-1: GLib vulnerability
It was discovered that GLib incorrectly handled certain symlinks when replacing files. If a user or automated system were tricked into extracting a specially crafted file with File Roller, a remote attacker could possibly create files outside of the intended directory...
USN-4754-3: Python vulnerabilities
USN-4754-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 18.04 and Ubuntu 20.04. In the case of Python 2.7 for 20.04, these additional fixes are included: It was dicovered that Python allowed remote attackers to cause a denial of service resource...
USN-4763-1: Pillow vulnerabilities
It was discovered that Pillow incorrectly handled certain Tiff image files. If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only...
USN-4762-1: OpenSSH vulnerability
It was discovered that the OpenSSH ssh-agent incorrectly handled memory. A remote attacker able to connect to the agent could use this issue to cause it to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4761-1: Git vulnerability
Matheus Tavares discovered that Git incorrectly handled delay-capable clean/smudge filters when being used on case-insensitive filesystems. A remote attacker could possibly use this issue to execute arbitrary code...
USN-4758-1: Go vulnerability
It was discovered that Go applications incorrectly handled uploaded content. If a user were tricked into visiting a malicious page, a remote attacker could exploit this with a crafted file to conduct cross-site scripting XSS attacks...
USN-4760-1: libzstd vulnerabilities
It was discovered that libzstd incorrectly handled file permissions. A local attacker could possibly use this issue to access certain files, contrary to expectations...
USN-4759-1: GLib vulnerabilities
Krzesimir Nowak discovered that GLib incorrectly handled certain large buffers. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2021-27218 Kevin Backhouse discovered that GLib incorrect...
USN-4733-2: GNOME Autoar regression
USN-4733-1 fixed a vulnerability in GNOME Autoar. The upstream fix introduced a regression when extracting archives containing directories. This update fixes the problem. Original advisory details: Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory...
USN-4757-2: wpa_supplicant and hostapd vulnerability
USN-4757-1 fixed a vulnerability in wpasupplicant and hostapd. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that wpasupplicant did not properly handle P2P Wi-Fi Direct provision discovery requests in some situations. A physically...
USN-4757-1: wpa_supplicant and hostapd vulnerability
It was discovered that wpasupplicant did not properly handle P2P Wi-Fi Direct provision discovery requests in some situations. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code...
USN-4754-4: Python 2.7 vulnerability
USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177. We apologize for the inconvenience. Original advisory details: It was discovered that Python incorrectly handled...
USN-4737-2: Bind vulnerability
USN-4737-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to...
USN-4756-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct cross-site scripting XSS attacks, bypass HTTP auth phishing warning...
USN-4754-2: Python regression
USN-4754-1 fixed a vulnerability in Python. The fix for CVE-2021-3177 introduced a regression in Python 2.7. This update reverts the security fix pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that Python incorrectly handled certain...
USN-4755-1: LibTIFF vulnerabilities
It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges...
USN-4754-1: Python vulnerabilities
It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. CVE-2020-27619, CVE-2021-3177...
USN-4749-1: Linux kernel vulnerabilities
Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2020-25669 It was discovered that the jfs file system implementation in the Linux kernel...
USN-4753-1: Linux kernel (OEM) vulnerability
It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...
USN-4752-1: Linux kernel (OEM) vulnerabilities
Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proxima...
USN-4751-1: Linux kernel vulnerabilities
It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information kernel memory. CVE-2020-25656 Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling...
USN-4750-1: Linux kernel vulnerabilities
Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2020-25669 It was discovered that the jfs file system implementation in the Linux kernel...
USN-4748-1: Linux kernel vulnerabilities
It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service system crash. CVE-2020-27815 It was discovered that the memory management subsystem in the Linux kerne...
USN-4747-2: GNU Screen vulnerability
USN-4747-1 fixed a vulnerability in screen. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Felix Weinmann discovered that GNU Screen incorrectly handled certain character sequences. A remote attacker could use this issue to cause GNU Screen to crash...
USN-4747-1: GNU Screen vulnerability
Felix Weinmann discovered that GNU Screen incorrectly handled certain character sequences. A remote attacker could use this issue to cause GNU Screen to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4746-1: xterm vulnerability
Tavis Ormandy discovered that xterm incorrectly handled certain character sequences. A remote attacker could use this issue to cause xterm to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4698-2: Dnsmasq regression
USN-4698-1 fixed vulnerabilities in Dnsmasq. The updates introduced regressions in certain environments related to issues with multiple queries, and issues with retries. This update fixes the problem. Original advisory details: Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly...
USN-4745-1: OpenSSL vulnerabilities
David Benjamin discovered that OpenSSL incorrectly handled comparing certificates containing a EDIPartyName name type. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. CVE-2020-1971 Tavis Ormandy discovered that OpenSSL incorrectly handl...
USN-4467-3: QEMU regression
USN-4467-1 fixed vulnerabilities in QEMU. The fix for CVE-2020-13754 introduced a regression in certain environments. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Ren Ding, Hanqing Zhao, Alexander Bulekov, and Anatoly Trosinenko discovered that the...
USN-4744-1: OpenLDAP vulnerability
Pasi Saarinen discovered that OpenLDAP incorrectly handled certain short timestamps. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service...
USN-4743-1: GDK-PixBuf vulnerability
It was discovered that the GDK-PixBuf library did not properly handle certain GIF images. If an user or automated system were tricked into opening a specially crafted GIF file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service...
USN-4742-1: Django vulnerability
It was discovered that Django incorrectly accepted semicolons as query parameters. A remote attacker could possibly use this issue to perform a Web Cache Poisoning attack...
USN-4741-1: Jackson vulnerabilities
It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code...
USN-4740-1: Apache Shiro vulnerabilities
It was discovered that Apache Shiro mishandled specially crafted requests. An attacker could use this vulnerability to bypass authentication mechanisms...
USN-4739-1: WebKitGTK vulnerability
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-4738-1: OpenSSL vulnerabilities
Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. CVE-2021-23840 Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer...
USN-4737-1: Bind vulnerability
It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the Bind AppArmor...
USN-4734-2: wpa_supplicant and hostapd vulnerabilities
USN-4734-1 fixed several vulnerabilities in wpasupplicant. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that wpasupplicant did not properly handle P2P Wi-Fi Direct group information in some situations, leading to a heap overflow. A physically proximate...
USN-4736-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. CVE-2020-26976,...
USN-4735-1: PostgreSQL vulnerability
Heikki Linnakangas discovered that PostgreSQL incorrectly leaked values of denied columns when handling certain errors. A remote attacker could possibly use this issue to obtain sensitive information...
USN-4734-1: wpa_supplicant and hostapd vulnerabilities
It was discovered that wpasupplicant did not properly handle P2P Wi-Fi Direct group information in some situations, leading to a heap overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2021-0326 It was discovered that...
USN-4733-1: GNOME Autoar vulnerability
Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution...
USN-4732-1: SQLite vulnerability
It was discovered that SQLite incorrectly handled certain sub-queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4730-1: PostSRSd vulnerability
It was discovered that PostSRSd mishandled certain input. A remote attacker could use this vulnerability to cause a denial of service via a long timestamp tag in an SRS address...
USN-4731-1: JUnit 4 vulnerability
It was discovered that JUnit 4 contains a local information disclosure vulnerability. An attacker could possibly use this issue to obtain sensitive information...
USN-4729-1: Open vSwitch vulnerability
Joakim Hindersson discovered that Open vSwitch incorrectly parsed certain network packets. A remote attacker could use this issue to cause a denial of service, or possibly alter packet classification...
USN-4713-2: Linux kernel vulnerability
It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...
USN-4728-1: snapd vulnerability
Gilad Reti and Nimrod Stoler discovered that snapd did not correctly specify cgroup delegation when generating systemd service units for various container management snaps. This could allow a local attacker to escalate privileges via access to arbitrary devices of the container host from within a...
USN-4727-1: Linux kernel vulnerability
Alexander Popov discovered that multiple race conditions existed in the AFVSOCK implementation in the Linux kernel. A local attacker could use this to cause a denial of service system crash or execute arbitrary code...