10923 matches found
USN-4530-1: Debian-LAN vulnerabilities
Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation. CVE-2019-3467...
USN-4531-1: BusyBox vulnerability
It was discovered that the BusyBox wget applet incorrectly validated SSL certificates. A remote attacker could possibly use this issue to intercept secure communications...
USN-4529-1: FreeImage vulnerabilities
It was discovered that FreeImage incorrectly handled certain memory operations. If a user were tricked into opening a crafted TIFF file, a remote attacker could use this issue to cause a heap buffer overflow, resulting in a denial of service attack. CVE-2019-12211 It was discovered that FreeImage...
USN-4528-1: Ceph vulnerabilities
Adam Mohammed discovered that Ceph incorrectly handled certain CORS ExposeHeader tags. A remote attacker could possibly use this issue to preform an HTTP header injection attack. CVE-2020-10753 Lei Cao discovered that Ceph incorrectly handled certain POST requests with invalid tagging XML. A remo...
USN-4524-1: TNEF vulnerabilities
Paul Dreik discovered that TNEF incorrectly handled filenames. If a user were tricked into opening a specially crafted email attachment, an attacker could possibly use this issue to write arbitrary files to the filesystem or cause TNEF crash, resulting in a denial of service. CVE-2019-18849...
USN-4523-1: LibOFX vulnerability
It was discovered that LibOFX did not properly check for errors in certain situations, leading to a NULL pointer dereference. A remote attacker could use this issue to cause a denial of service attack. CVE-2019-9656...
USN-4522-1: noVNC vulnerability
It was discovered that noVNC did not properly manage certain messages, resulting in the remote VNC server injecting arbitrary HTML into the noVNC web page. An attacker could use this issue to conduct cross-site scripting XSS attacks. CVE-2017-18635...
USN-4521-1: pam_tacplus vulnerability
It was discovered that pamtacplus did not properly manage shared secrets if DEBUG loglevel and journald are used. A remote attacker could use this issue to expose sensitive information...
USN-4520-1: Exim SpamAssassin vulnerability
It was discovered that Exim SpamAssassin does not properly handle configuration strings. An attacker could possibly use this issue to execute arbitrary code. CVE-2019-19920...
USN-4519-1: PulseAudio vulnerability
Ratchanan Srirattanamet discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle memory under certain error conditions in the Bluez 5 module. An attacker could use this issue to cause PulseAudio to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4517-1: Email-Address-List vulnerability
It was discovered that Email-Address-List does not properly parse email addresses during email-ingestion. A remote attacker could use this issue to cause an algorithmic complexity attack, resulting in a denial of service. CVE-2018-18898...
USN-4518-1: xawtv vulnerability
Matthias Gerstner discovered that xawtv incorrectly handled opening files. A local attacker could possibly use this issue to open and write to arbitrary files and escalate privileges. CVE-2020-13696...
USN-4516-1: GnuPG vulnerability
It was discovered that GnuPG signatures could be forged when the SHA-1 algorithm is being used. This update removes validating signatures based on SHA-1 that were generated after 2019-01-19. In environments where this is still required, a new option --allow-weak-key-signatures can be used to reve...
USN-4515-1: Pure-FTPd vulnerability
Antonio Norales discovered that Pure-FTPd incorrectly handled directory aliases. An attacker could possibly use this issue to access sensitive information. CVE-2020-9274...
USN-4514-1: libproxy vulnerability
It was discovered that libproxy incorrectly handled certain PAC files. An attacker could possibly use this issue to cause a denial of service...
USN-4513-1: apng2gif vulnerability
Dileep Kumar Jallepalli discovered that apng2gif incorrectly handled loading APNG files. An attacker could exploit this with a crafted APNG file to access sensitive information. CVE-2017-6960...
USN-4510-2: Samba vulnerability
USN-4510-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue t...
USN-4512-1: util-linux vulnerability
It was discovered that the umount bash completion script shipped in util-linux incorrectly handled certain mountpoints. If a local attacker were able to create arbitrary mountpoints, another user could be tricked into executing arbitrary code when attempting to run the umount command with bash...
USN-4511-1: QEMU vulnerability
Ziming Zhang, Xiao Wei, Gonglei Arei, and Yanyu Zhang discovered that QEMU incorrectly handled certain USB packets. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default...
USN-4510-1: Samba vulnerability
Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. This update fixes the issue by changing the "server schanne...
USN-4509-1: Perl DBI module vulnerabilities
It was discovered that Perl DBI module incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. CVE-2013-7490 It was discovered that Perl DBI module incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive...
USN-4508-1: StoreBackup vulnerability
It was discovered that StoreBackup did not properly manage lock files. A local attacker could use this issue to cause a denial of service or escalate privileges and run arbitrary code. CVE-2020-7040...
USN-4507-1: ncmpc vulnerability
It was discovered that ncmpc incorrectly handled long chat messages. A remote attacker could possibly exploit this with a crafted chat message, causing ncmpc to crash, resulting in a denial of service. CVE-2018-9240...
USN-4506-1: MCabber vulnerability
It was discovered that MCabber does not properly manage roster pushes. An attacker could possibly use this issue to remotely perform machine-in-the-middle attacks. CVE-2016-9928...
USN-4505-1: PHPMailer vulnerability
Elar Lang discovered that PHPMailer did not properly escape double quote characters in filenames. A remote attacker could possibly exploit this with a crafted filename to bypass attachment filters that are based on matching filename extensions. CVE-2020-13625...
USN-4504-1: OpenSSL vulnerabilities
Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed i...
USN-4502-1: websocket-extensions vulnerability
It was discovered that websocket-extensions does not properly parse special headers. A remote attacker could use this issue to cause regex backtracking, resulting in a denial of service. CVE-2020-7663...
USN-4503-1: Perl DBI module vulnerability
It was discovered that Perl DBI module incorrectly handled certain calls. An attacker could possibly use this issue to execute arbitrary code...
USN-4501-1: LuaJIT vulnerability
It was discovered that an out-of-bounds read existed in LuaJIT. An attacker could use this to cause a denial of service application crash or possibly expose sensitive information. CVE-2020-15890...
USN-4500-1: bsdiff vulnerabilities
It was discovered that bsdiff mishandled certain input. If a user were tricked into opening a malicious file, an attacker could cause bsdiff to crash or potentially execute arbitrary code...
USN-4498-1: Loofah vulnerability
It was discovered that Loofah does not properly sanitize JavaScript in sanitized output. An attacker could possibly use this issue to perform XSS attacks. CVE-2019-15587...
USN-4499-1: MilkyTracker vulnerabilities
It was discovered that MilkyTracker did not properly handle certain input. If a user were tricked into opening a malicious file, an attacker could cause MilkyTracker to crash or potentially execute arbitrary code...
USN-4497-1: OpenJPEG vulnerabilities
It was discovered that OpenJPEG incorrectly handled certain image files. A remote attacker could possibly use this issue to cause a denial of service. CVE-2016-9112 It was discovered that OpenJPEG did not properly handle certain input. If OpenJPEG were supplied with specially crafted input, it...
USN-4496-1: Apache XML-RPC vulnerability
It was discovered that Apache XML-RPC aka ws-xmlrpc does not properly deserialize untrusted data. An attacker could possibly use this issue to execute arbitrary code. CVE-2019-17570...
USN-4495-1: Apache Log4j vulnerability
It was discovered that Apache Log4j does not properly deserialize untrusted data. An attacker could possibly use this issue to remotely execute arbitrary code. CVE-2019-17571...
USN-4494-1: GUPnP vulnerability
It was discovered that GUPnP incorrectly handled certain subscription requests. A remote attacker could possibly use this issue to exfiltrate data or use GUPnP to perform DDoS attacks...
USN-4493-1: cryptsetup vulnerability
It was discovered that cryptsetup incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code...
LSN-0071-1: Kernel Live Patch Security Notice
Or Cohen discovered that the AFPACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-14386...
USN-4488-2: X.Org X Server vulnerabilities
USN-4488-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update and also the update from USN-4490-1 for Ubuntu 14.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the input extension protocol. A local attack...
USN-4491-1: GnuTLS vulnerability
It was discovered that GnuTLS incorrectly handled certain alerts when being used with TLS 1.3 servers. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4487-2: libx11 vulnerabilities
USN-4487-1 fixed several vulnerabilities in libx11. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: Todd Carson discovered that libx11 incorrectly handled certain memory operations. A local attacker could possibly use this issue to...
USN-4490-1: X.Org X Server vulnerability
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSetNames function. A local attacker could possibly use this issue to escalate privileges...
USN-4489-1: Linux kernel vulnerability
Or Cohen discovered that the AFPACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...
USN-4474-2: Firefox regressions
USN-4474-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted...
USN-4485-1: Linux kernel vulnerabilities
Timothy Michaud discovered that the i915 graphics driver in the Linux kernel did not properly validate user memory locations for the i915gemexecbuffer2ioctl. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. CVE-2018-20669 It was discovered that the...
USN-4483-1: Linux kernel vulnerabilities
Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service memory exhaustion. CVE-2019-20810 Fan Yang discovered that the mremap...
USN-4449-2: Apport vulnerabilities
USN-4449-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Ryota Shiga working with Trend Micro´s Zero Day Initiative, discovered that Apport incorrectly dropped privileges when making certain D-Bus calls. A...
USN-4488-1: X.Org X Server vulnerabilities
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the input extension protocol. A local attacker could possibly use this issue to escalate privileges. CVE-2020-14346 Jan-Niklas Sohn discovered that the X.Org X Server incorrectly initialized memory. A local attacker could...
USN-4487-1: libx11 vulnerabilities
Todd Carson discovered that libx11 incorrectly handled certain memory operations. A local attacker could possibly use this issue to escalate privileges. CVE-2020-14344 Jayden Rivers discovered that libx11 incorrectly handled locales. A local attacker could possibly use this issue to escalate...
USN-4484-1: Linux kernel vulnerability
It was discovered that the cgroup v2 subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service or possibly gain administrative privileges...