10832 matches found
USN-4699-1: Apache Log4net vulnerability
It was discovered that Apache Log4net incorrectly handled certain configuration files. An attacker could possibly use this issue to expose sensitive information...
USN-4698-1: Dnsmasq vulnerabilities
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled memory when sorting RRsets. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. CVE-2020-25681, CVE-2020-25687 Moshe Kol and Shlomi Oberman...
USN-4697-1: Pillow vulnerabilities
It was discovered that Pillow incorrectly handled certain PCX image files. If a user or automated system were tricked into opening a specially-crafted PCX file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. CVE-2020-35653 It was discovered that Pillow...
USN-4696-1: HTMLDOC vulnerability
It was discovered that HTMLDOC incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a denial of service...
USN-4695-1: icoutils vulnerabilities
Choongwoo Han discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2017-5208 It was discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to...
USN-4694-1: Linux kernel vulnerability
It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...
USN-4693-1: Ampache vulnerabilities
It was discovered that an SQL injection vulnerability exists in the Ampache search engine. Any user able to perform searches could dump any data contained in the database. An attacker could use this to disclose sensitive information. CVE-2019-12385 It was discovered that an XSS vulnerability in...
USN-4653-2: containerd vulnerability
USN-4653-1 fixed a vulnerability in containerd. Unfortunately, those containerd packages introduced a regression in docker.io and the update was reverted. This update addresses the docker.io issue and reintroduces the fixes from USN-4653-1. We apologize for the inconvenience...
USN-4692-1: tar vulnerabilities
Chris Siebenmann discovered that tar incorrectly handled extracting files resized during extraction when invoked with the --sparse flag. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu...
USN-4691-1: Open vSwitch vulnerabilities
Jonas Rudloff discovered that Open vSwitch incorrectly handled certain malformed LLDP packets. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4649-2: xdg-utils regression
USN-4649-1 fixed vulnerabilities in xdg-utils. That update caused a regression by removing the --attach functionality in thunderbird and others applications. This update fix the problem by reverting these changes. Original advisory details: Jens Mueller discovered that xdg-utils incorrectly handl...
USN-4689-2: Linux kernel vulnerabilities
USN-4689-1 fixed vulnerabilities in the NVIDIA graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. Original advisory details: It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed...
USN-4690-1: coTURN vulnerability
It was discovered that coTURN allowed peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. A malicious user could use this vulnerability to insert packages into the loopback interface...
USN-4689-1: NVIDIA graphics drivers vulnerabilities
It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. CVE-2021-1052 It was discovered that the NVIDIA...
USN-4668-4: python-apt vulnerability
USN-4668-1 fixed a vulnerability in python-apt. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume...
USN-4667-2: APT vulnerability
USN-4667-1 fixed a vulnerability in APT. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered that APT incorrectly handled certain packages. A local attacker could possibly use this issue to cause APT to crash or stop responding...
USN-4688-1: JasPer vulnerabilities
It was discovered that Jasper incorrectly certain files. An attacker could possibly use this issue to cause a crash. CVE-2018-18873 It was discovered that Jasper incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-19542 It was...
USN-4687-1: Firefox vulnerability
A use-after-free was discovered in Firefox when handling SCTP packets. An attacker could potentially exploit this to cause a denial of service, or execute arbitrary code...
USN-4686-1: Ghostscript vulnerabilities
It was discovered that Ghostscript incorrectly handled certain image files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary co...
USN-4685-1: OpenJPEG vulnerabilities
It was discovered that OpenJPEG incorrectly handled certain image data. An attacker could use this issue to cause OpenJPEG to crash, leading to a denial of service, or possibly execute arbitrary code...
USN-4684-1: EDK II vulnerabilities
Laszlo Ersek discovered that EDK II incorrectly validated certain signed images. An attacker could possibly use this issue with a specially crafted image to cause EDK II to hang, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS...
USN-4683-1: Linux kernel (OEM) vulnerability
Minh Yuan discovered that the framebuffer console driver in the Linux kernel did not properly handle fonts in some conditions. A local attacker could use this to cause a denial of service system crash or possibly expose sensitive information kernel memory...
USN-4678-1: Linux kernel vulnerabilities
It was discovered that the AMD Running Average Power Limit RAPL driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information. CVE-2020-12912 Jann Horn discovered that the iouring subsystem in the Linux kernel d...
USN-4677-2: p11-kit vulnerability
USN-4677-1 fixed a vulnerability in p11-kit. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: David Cook discovered that p11-kit incorrectly handled certain memory operations. An attacker could use this issue to cause p11-kit to crash, resulting in a...
USN-4682-1: WavPack vulnerability
It was discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to execute arbitrary code or cause a crash...
USN-4680-1: Linux kernel vulnerabilities
It was discovered that debugfs in the Linux kernel as used by blktrace contained a use-after-free in some situations. A privileged local attacker could possibly use this to cause a denial of service system crash. CVE-2019-19770 It was discovered that a race condition existed in the binder IPC...
USN-4681-1: Linux kernel vulnerabilities
Ryan Hall discovered that the Intel 700 Series Ethernet Controllers driver in the Linux kernel did not properly deallocate memory in some conditions. A local attacker could use this to cause a denial of service kernel memory exhaustion. CVE-2019-0148 It was discovered that the console keyboard...
USN-4679-1: Linux kernel vulnerabilities
It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information kernel memory. CVE-2020-25656 Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling...
USN-4677-1: p11-kit vulnerabilities
David Cook discovered that p11-kit incorrectly handled certain memory operations. An attacker could use this issue to cause p11-kit to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4676-1: OpenEXR vulnerabilities
It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...
USN-4675-1: OpenStack Horizon vulnerability
Pritam Singh discovered that OpenStack Horizon incorrectly validated certain parameters. An attacker could possibly use this issue to cause OpenStack Horizon to redirect to a malicious URL...
USN-4674-2: Dovecot vulnerability
USN-4674-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could possibly use this issue to cause Dovecot to crash,...
USN-4674-1: Dovecot vulnerabilities
It was discovered that Dovecot incorrectly handled certain imap hibernation commands. A remote authenticated attacker could possibly use this issue to access other users' email. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. CVE-2020-24386 Innokentii Sennovskiy...
USN-4668-3: python-apt regression
USN-4668-1 fixed vulnerabilities in python-apt. The update caused a regression when using certain APIs with a file handle. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered that python-apt incorrectly handled resources. A loca...
USN-4673-1: libproxy vulnerability
Li Fei discovered that libproxy incorrectly handled certain PAC files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...
USN-4672-1: unzip vulnerabilities
Rene Freingruber discovered that unzip incorrectly handled certain specially crafted password protected ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service...
USN-4671-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass the CSS sanitizer, bypass security restrictions, spoof the URL bar, ...
USN-4670-1: ImageMagick vulnerabilities
It was discovered that ImageMagick incorrectly handled certain specially crafted image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or other unspecified impact. This issue on...
USN-4660-2: Linux kernel regression
USN-4660-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This update fixes the problem. Original advisory details: It was discovered that a race condition existe...
USN-4658-2: Linux kernel regression
USN-4658-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This update fixes the problem. Original advisory details: It was discovered that a race condition existe...
USN-4659-2: Linux kernel regression
USN-4659-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This update fixes the problem. Original advisory details: It was discovered that a race condition existe...
USN-4666-2: lxml vulnerability
USN-4666-1 partially fixed a vulnerability in lxml, but an additional patch was needed. This update provides the corresponding additional patch in order to properly fix the vulnerability. Original advisory details: It was discovered that lxml incorrectly handled certain HTML. An attacker could...
USN-4669-1: SquirrelMail vulnerability
It was discovered that a cross-site scripting XSS vulnerability in SquirrelMail allows remote attackers to use malicious script content from HTML e-mail to execute code and/or provoke a denial of service...
USN-4668-2: python-apt regression
USN-4668-1 fixed vulnerabilities in python-apt. That update caused a regression by removing information describing the Ubuntu 20.10 release from the Ubuntu templates. This update fixes the problem by restoring this information. We apologize for the inconvenience. Original advisory details: Kevin...
USN-4665-2: curl vulnerabilities
USN-4665-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. An attacker could possibly use this issue to tric...
USN-4668-1: python-apt vulnerability
Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service...
USN-4667-1: APT vulnerability
Kevin Backhouse discovered that APT incorrectly handled certain packages. A local attacker could possibly use this issue to cause APT to crash or stop responding, resulting in a denial of service...
USN-4666-1: lxml vulnerability
It was discovered that lxml incorrectly handled certain HTML. An attacker could possibly use this issue to cross-site scripting XSS attacks...
USN-4665-1: curl vulnerabilities
Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPTCONNECTONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information. This issue only affected Ubuntu 20.10. CVE-2020-8231 Varnavas Papaioannou discovered that curl...
USN-4664-1: Aptdaemon vulnerabilities
Kevin Backhouse discovered that Aptdaemon incorrectly handled certain properties. A local attacker could use this issue to test for the presence of local files. CVE-2020-16128 Kevin Backhouse discovered that Aptdaemon incorrectly handled permission checks. A local attacker could possibly use this...