10918 matches found
USN-4650-1: QEMU vulnerabilities
Alexander Bulekov discovered that QEMU incorrectly handled SDHCI device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvir...
USN-4644-1: igraph vulnerability
It was discovered that igraph mishandled certain malformed XML. An attacker could use this vulnerability to cause a denial of service crash...
USN-4382-2: FreeRDP vulnerabilities
It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4646-2: poppler regression
USN-4646-1 fixed vulnerabilities in poppler. The fix for CVE-2019-10871 introduced a regression causing certain applications linked against poppler to fail. This update backs out the fix pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovere...
USN-4649-1: xdg-utils vulnerability
Jens Mueller discovered that xdg-utils incorrectly handled certain URI. An attacker could possibly use this issue to expose sensitive information...
USN-4648-1: WebKitGTK vulnerabilities
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-4647-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across origins, bypass security restrictions,...
USN-4646-1: poppler vulnerabilities
It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service...
USN-4645-1: Mutt vulnerability
It was discovered that Mutt incorrectly handled certain connections. An attacker could possibly use this issue to expose sensitive information...
USN-4643-1: atftp vulnerabilities
It was discovered that atftp's FTP server did not properly handler certain input. An attacker could use this to to cause a denial of service crash or possibly execute arbitrary code. CVE-2019-11365 It was discovered that atftp's FTP server did not make proper use of mutexes when locking certain...
USN-4642-1: PDFResurrect vulnerability
It was discovered that PDFResurrect incorrectly handled certain memory operations during PDF summary generation. An attacker could use this to cause out-of-bounds writes, resulting in a denial of service system crash or arbitrary code execution...
USN-4641-1: libextractor vulnerabilities
It was discovered that Libextractor incorrectly handled zero sample rate. An attacker could possibly use this issue to cause a denial of service. CVE-2017-15266 It was discovered that Libextractor incorrectly handled certain FLAC metadata. An attacker could possibly use this issue to cause a deni...
USN-4640-1: PulseAudio vulnerability
James Henstridge discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle snap client connections. An attacker could possibly use this to expose sensitive information...
USN-4634-2: OpenLDAP vulnerabilities
USN-4634-1 fixed several vulnerabilities in OpenLDAP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that OpenLDAP incorrectly handled certain malformed inputs. A remote attacker could possibly use this issue t...
USN-4637-2: Firefox vulnerabilities
USN-4637-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 16.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit...
USN-4639-1: phpMyAdmin vulnerabilities
It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configuration Storage tables. An authenticated attacker could use this vulnerability to cause phpmyAdmin to leak sensitive files. CVE-2018-19968 It was discovered that phpMyAdmin incorrectly handled user input. An...
USN-4638-1: c-ares vulnerability
It was discovered that c-ares incorrectly handled certain DNS requests. An attacker could possibly use this issue to cause a denial of service...
USN-4637-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across origins, bypass security restrictions, conduct phishing attacks,...
USN-4636-1: LibVNCServer, Vino vulnerability
It was discovered that LibVNCServer incorrectly handled certain internals. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Vino package ships with a LibVNCServer source and all listed release...
USN-4635-1: Kerberos vulnerability
Demi Obenour discovered that Kerberos incorrectly handled certain ASN.1. An attacker could possibly use this issue to cause a denial of service...
USN-4634-1: OpenLDAP vulnerabilities
It was discovered that OpenLDAP incorrectly handled certain malformed inputs. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service...
USN-4633-1: PostgreSQL vulnerabilities
Peter Eisentraut discovered that PostgreSQL incorrectly handled connection security settings. Client applications could possibly be connecting with certain security parameters dropped, contrary to expectations. CVE-2020-25694 Etienne Stalmans discovered that PostgreSQL incorrectly handled the...
USN-4607-2: OpenJDK regressions
USN-4607-1 fixed vulnerabilities and added features in OpenJDK. Unfortunately, that update introduced a regression that could cause TLS connections with client certificate authentication to fail in some situations. This update fixes the problem. We apologize for the inconvenience. Original adviso...
USN-4632-1: SLiRP vulnerabilities
It was discovered that the SLiRP networking implementation of the QEMU emulator did not properly manage memory under certain circumstances. An attacker could use this to cause a heap-based buffer overflow or other out- of-bounds access, which can lead to a denial of service application crash or...
USN-4631-1: libmaxminddb vulnerability
It was discovered that libmaxminddb incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause applications using libmaxminddb to crash, resulting in a denial of service...
USN-4171-6: Apport regression
USN-4171-1 fixed vulnerabilities in Apport. The update caused a regression when handling configuration files. This update fixes the problem, and also introduces further hardening measures. Original advisory details: Kevin Backhouse discovered Apport would read its user-controlled settings file as...
USN-4628-2: Intel Microcode regression
USN-4628-1 provided updated Intel Processor Microcode. Unfortunately, that update prevented certain processors in the Intel Tiger Lake family from booting successfully. This update reverts the microcode update for the Tiger Lake processor family. Please note that the 'disucodeldr' kernel command...
USN-4622-2: OpenLDAP vulnerability
USN-4622-1 fixed a vulnerability in OpenLDAP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that OpenLDAP incorrectly handled certain network packets. A remote attacker could use this issue to cause OpenLDAP t...
USN-4630-1: Raptor vulnerability
Hanno Böck discovered that Raptor incorrectly handled certain memory operations. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could cause the application to crash, resulting in a denial of service, or possibly execute...
USN-4629-1: MoinMoin vulnerabilities
Michael Chapman discovered that MoinMoin incorrectly handled certain cache actions. An attacker could possibly use this issue to execute arbitrary code. CVE-2020-25074 Catarina Leite discovered that MoinMoin incorrectly handled certain SVG files. An attacker could possibly use this issue to execu...
USN-4628-1: Intel Microcode vulnerabilities
Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit RAPL feature of some Intel processors allowed a side- channel attack based on power consumption measurements. A local attacker coul...
USN-4627-1: Linux kernel vulnerability
Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit RAPL driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose...
USN-4626-1: Linux kernel vulnerabilities
Simon Scannell discovered that the bpf verifier in the Linux kernel did not properly calculate register bounds for certain operations. A local attacker could use this to expose sensitive information kernel memory or gain administrative privileges. CVE-2020-27194 Moritz Lipp, Michael Schwarz,...
USN-4625-1: Firefox vulnerability
A use-after-free was discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to execute arbitrary code...
USN-4624-1: libexif vulnerability
It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause unexpected behaviours, or execute arbitrary code...
USN-4623-1: Pacemaker vulnerability
Ken Gaillot discovered that Pacemaker incorrectly handled IPC communications permissions. A local attacker could possibly use this issue to bypass ACL restrictions and execute arbitrary code as root...
USN-4622-1: OpenLDAP vulnerability
It was discovered that OpenLDAP incorrectly handled certain network packets. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4621-1: netqmail vulnerabilities
It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. CVE-2005-1513, CVE-2005-1514, CVE-2005-1515 It was discovered that netqmail did not properly handle certain inp...
USN-4599-3: Firefox regressions
USN-4599-1 and USN-4599-2 fixed vulnerabilities in Firefox. The updates introduced various minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a...
USN-4620-1: phpLDAPadmin vulnerability
It was discovered that phpLDAPadmin didn't properly sanitize before being echoed to the user. A remote attacker could inject arbitrary HTML/Javascript code in a user's context and cause a crash, resulting in denial of service or potential execution of arbitrary code...
USN-4619-1: dom4j vulnerability
Mário Areias discovered that dom4j did not properly validate XML document elements. An attacker could exploit this with a crafted XML file to cause dom4j to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2018-1000632...
USN-4618-1: tmux vulnerability
Sergey Nizovtsev discovered that tmux incorrectly handled some inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code...
USN-4616-2: AccountsService vulnerabilities
USN-4616-1 fixed several vulnerabilities in AccountsService. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause...
USN-4617-1: SPICE vdagent vulnerabilities
Matthias Gerstner discovered that SPICE vdagent incorrectly handled the activexfers hash table. A local attacker could possibly use this issue to cause SPICE vdagent to consume memory, resulting in a denial of service. CVE-2020-25650 Matthias Gerstner discovered that SPICE vdagent incorrectly...
USN-4615-1: Yerase's TNEF vulnerabilities
It was discovered that Yerase's TNEF had null pointer dereferences, infinite loop, buffer overflow, out of bounds reads, directory traversal issues and other vulnerabilities. An attacker could use those issues to cause a crash and consequently a denial of service. CVE-2017-6298, CVE-2017-6299,...
USN-4616-1: AccountsService vulnerabilities
Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. CVE-2020-16126 Kevin Backhouse discovered that AccountsService incorrectly handled reading...
USN-4614-1: GDM vulnerability
Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user...
USN-4613-1: python-cryptography vulnerability
Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. An attacker could possibly use this issue to expose sensitive information...
USN-4605-2: Blueman update
Vaisha Bernard discovered that blueman did not properly sanitize input on the d-bus interface to blueman-mechanism. A local attacker could possibly use this issue to escalate privileges and run arbitrary code or cause a denial of service. CVE-2020-15238 While a previous security update fixed the...
USN-4611-1: Samba vulnerabilities
Steven French discovered that Samba incorrectly handled ChangeNotify permissions. A remote attacker could possibly use this issue to obtain file name information. CVE-2020-14318 Bas Alberts discovered that Samba incorrectly handled certain winbind requests. A remote attacker could possibly use th...