10832 matches found
USN-4536-1: SPIP vulnerabilities
Youssouf Boulouiz discovered that SPIP incorrectly handled login error messages. A remote attacker could potentially exploit this to conduct cross-site scripting XSS attacks. CVE-2019-16392 Gilles Vincent discovered that SPIP incorrectly handled password reset requests. A remote attacker could...
USN-4538-1: PackageKit vulnerabilities
Vaisha Bernard discovered that PackageKit incorrectly handled certain methods. A local attacker could use this issue to learn the MIME type of any file on the system. CVE-2020-16121 Sami Niemimäki discovered that PackageKit incorrectly handled local deb packages. A local user could possibly use...
USN-4537-1: Aptdaemon vulnerability
Vaisha Bernard discovered that Aptdaemon incorrectly handled the Locale property. A local attacker could use this issue to test for the presence of local files...
USN-4525-1: Linux kernel vulnerabilities
It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2019-18808 It was discovered that the Conexant 23885 TV card device...
USN-4535-1: RDFLib vulnerability
Gabriel Corona discovered that RDFLib did not properly load modules on the command-line. An attacker could possibly use this issue to cause RDFLib to execute arbitrary code. CVE-2019-7653...
USN-4534-1: Perl DBI module vulnerability
It was discovered that Perl DBI module incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information...
USN-4526-1: Linux kernel vulnerabilities
It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2019-18808 It was discovered that the Conexant 23885 TV card device...
USN-4533-1: LTSP Display Manager vulnerabilities
Veeti Veteläinen discovered that the LTSP Display Manager ldm incorrectly handled user logins from unsupported shells. A local attacker could possibly use this issue to gain root privileges. CVE-2019-20373...
USN-4532-1: Netty vulnerabilities
It was discovered that Netty incorrectly handled certain HTTP headers. By sending an HTTP header with whitespace before the colon, a remote attacker could possibly use this issue to perform an HTTP request smuggling attack. CVE-2019-16869 It was discovered that Netty incorrectly handled certain...
USN-4530-1: Debian-LAN vulnerabilities
Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation. CVE-2019-3467...
USN-4531-1: BusyBox vulnerability
It was discovered that the BusyBox wget applet incorrectly validated SSL certificates. A remote attacker could possibly use this issue to intercept secure communications...
USN-4529-1: FreeImage vulnerabilities
It was discovered that FreeImage incorrectly handled certain memory operations. If a user were tricked into opening a crafted TIFF file, a remote attacker could use this issue to cause a heap buffer overflow, resulting in a denial of service attack. CVE-2019-12211 It was discovered that FreeImage...
USN-4528-1: Ceph vulnerabilities
Adam Mohammed discovered that Ceph incorrectly handled certain CORS ExposeHeader tags. A remote attacker could possibly use this issue to preform an HTTP header injection attack. CVE-2020-10753 Lei Cao discovered that Ceph incorrectly handled certain POST requests with invalid tagging XML. A remo...
USN-4524-1: TNEF vulnerabilities
Paul Dreik discovered that TNEF incorrectly handled filenames. If a user were tricked into opening a specially crafted email attachment, an attacker could possibly use this issue to write arbitrary files to the filesystem or cause TNEF crash, resulting in a denial of service. CVE-2019-18849...
USN-4523-1: LibOFX vulnerability
It was discovered that LibOFX did not properly check for errors in certain situations, leading to a NULL pointer dereference. A remote attacker could use this issue to cause a denial of service attack. CVE-2019-9656...
USN-4522-1: noVNC vulnerability
It was discovered that noVNC did not properly manage certain messages, resulting in the remote VNC server injecting arbitrary HTML into the noVNC web page. An attacker could use this issue to conduct cross-site scripting XSS attacks. CVE-2017-18635...
USN-4521-1: pam_tacplus vulnerability
It was discovered that pamtacplus did not properly manage shared secrets if DEBUG loglevel and journald are used. A remote attacker could use this issue to expose sensitive information...
USN-4520-1: Exim SpamAssassin vulnerability
It was discovered that Exim SpamAssassin does not properly handle configuration strings. An attacker could possibly use this issue to execute arbitrary code. CVE-2019-19920...
USN-4519-1: PulseAudio vulnerability
Ratchanan Srirattanamet discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle memory under certain error conditions in the Bluez 5 module. An attacker could use this issue to cause PulseAudio to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4517-1: Email-Address-List vulnerability
It was discovered that Email-Address-List does not properly parse email addresses during email-ingestion. A remote attacker could use this issue to cause an algorithmic complexity attack, resulting in a denial of service. CVE-2018-18898...
USN-4518-1: xawtv vulnerability
Matthias Gerstner discovered that xawtv incorrectly handled opening files. A local attacker could possibly use this issue to open and write to arbitrary files and escalate privileges. CVE-2020-13696...
USN-4516-1: GnuPG vulnerability
It was discovered that GnuPG signatures could be forged when the SHA-1 algorithm is being used. This update removes validating signatures based on SHA-1 that were generated after 2019-01-19. In environments where this is still required, a new option --allow-weak-key-signatures can be used to reve...
USN-4515-1: Pure-FTPd vulnerability
Antonio Norales discovered that Pure-FTPd incorrectly handled directory aliases. An attacker could possibly use this issue to access sensitive information. CVE-2020-9274...
USN-4514-1: libproxy vulnerability
It was discovered that libproxy incorrectly handled certain PAC files. An attacker could possibly use this issue to cause a denial of service...
USN-4513-1: apng2gif vulnerability
Dileep Kumar Jallepalli discovered that apng2gif incorrectly handled loading APNG files. An attacker could exploit this with a crafted APNG file to access sensitive information. CVE-2017-6960...
USN-4510-2: Samba vulnerability
USN-4510-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue t...
USN-4512-1: util-linux vulnerability
It was discovered that the umount bash completion script shipped in util-linux incorrectly handled certain mountpoints. If a local attacker were able to create arbitrary mountpoints, another user could be tricked into executing arbitrary code when attempting to run the umount command with bash...
USN-4511-1: QEMU vulnerability
Ziming Zhang, Xiao Wei, Gonglei Arei, and Yanyu Zhang discovered that QEMU incorrectly handled certain USB packets. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default...
USN-4510-1: Samba vulnerability
Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. This update fixes the issue by changing the "server schanne...
USN-4509-1: Perl DBI module vulnerabilities
It was discovered that Perl DBI module incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. CVE-2013-7490 It was discovered that Perl DBI module incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive...
USN-4508-1: StoreBackup vulnerability
It was discovered that StoreBackup did not properly manage lock files. A local attacker could use this issue to cause a denial of service or escalate privileges and run arbitrary code. CVE-2020-7040...
USN-4507-1: ncmpc vulnerability
It was discovered that ncmpc incorrectly handled long chat messages. A remote attacker could possibly exploit this with a crafted chat message, causing ncmpc to crash, resulting in a denial of service. CVE-2018-9240...
USN-4506-1: MCabber vulnerability
It was discovered that MCabber does not properly manage roster pushes. An attacker could possibly use this issue to remotely perform machine-in-the-middle attacks. CVE-2016-9928...
USN-4505-1: PHPMailer vulnerability
Elar Lang discovered that PHPMailer did not properly escape double quote characters in filenames. A remote attacker could possibly exploit this with a crafted filename to bypass attachment filters that are based on matching filename extensions. CVE-2020-13625...
USN-4504-1: OpenSSL vulnerabilities
Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed i...
USN-4502-1: websocket-extensions vulnerability
It was discovered that websocket-extensions does not properly parse special headers. A remote attacker could use this issue to cause regex backtracking, resulting in a denial of service. CVE-2020-7663...
USN-4503-1: Perl DBI module vulnerability
It was discovered that Perl DBI module incorrectly handled certain calls. An attacker could possibly use this issue to execute arbitrary code...
USN-4501-1: LuaJIT vulnerability
It was discovered that an out-of-bounds read existed in LuaJIT. An attacker could use this to cause a denial of service application crash or possibly expose sensitive information. CVE-2020-15890...
USN-4500-1: bsdiff vulnerabilities
It was discovered that bsdiff mishandled certain input. If a user were tricked into opening a malicious file, an attacker could cause bsdiff to crash or potentially execute arbitrary code...
USN-4498-1: Loofah vulnerability
It was discovered that Loofah does not properly sanitize JavaScript in sanitized output. An attacker could possibly use this issue to perform XSS attacks. CVE-2019-15587...
USN-4499-1: MilkyTracker vulnerabilities
It was discovered that MilkyTracker did not properly handle certain input. If a user were tricked into opening a malicious file, an attacker could cause MilkyTracker to crash or potentially execute arbitrary code...
USN-4497-1: OpenJPEG vulnerabilities
It was discovered that OpenJPEG incorrectly handled certain image files. A remote attacker could possibly use this issue to cause a denial of service. CVE-2016-9112 It was discovered that OpenJPEG did not properly handle certain input. If OpenJPEG were supplied with specially crafted input, it...
USN-4496-1: Apache XML-RPC vulnerability
It was discovered that Apache XML-RPC aka ws-xmlrpc does not properly deserialize untrusted data. An attacker could possibly use this issue to execute arbitrary code. CVE-2019-17570...
USN-4495-1: Apache Log4j vulnerability
It was discovered that Apache Log4j does not properly deserialize untrusted data. An attacker could possibly use this issue to remotely execute arbitrary code. CVE-2019-17571...
USN-4494-1: GUPnP vulnerability
It was discovered that GUPnP incorrectly handled certain subscription requests. A remote attacker could possibly use this issue to exfiltrate data or use GUPnP to perform DDoS attacks...
USN-4493-1: cryptsetup vulnerability
It was discovered that cryptsetup incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code...
LSN-0071-1: Kernel Live Patch Security Notice
Or Cohen discovered that the AFPACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-14386...
USN-4488-2: X.Org X Server vulnerabilities
USN-4488-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update and also the update from USN-4490-1 for Ubuntu 14.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the input extension protocol. A local attack...
USN-4491-1: GnuTLS vulnerability
It was discovered that GnuTLS incorrectly handled certain alerts when being used with TLS 1.3 servers. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4487-2: libx11 vulnerabilities
USN-4487-1 fixed several vulnerabilities in libx11. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: Todd Carson discovered that libx11 incorrectly handled certain memory operations. A local attacker could possibly use this issue to...