10923 matches found
USN-4148-1: OpenEXR vulnerabilities
It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. CVE-2017-12596...
USN-4147-1: Linux kernel vulnerabilities
It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup TDLS. A physically proximate attacker could use this to cause a denial of service Wi-Fi disconnect. CVE-2019-0136 It was discovered that the Bluetooth UART...
USN-4146-2: ClamAV vulnerabilities
USN-4146-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled unpacking ZIP files. A remote attacker could possibly use this issue to cause...
USN-4146-1: ClamAV vulnerabilities
It was discovered that ClamAV incorrectly handled unpacking ZIP files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. CVE-2019-12625 It was discovered that ClamAV incorrectly handled unpacking bzip2 files. A remote attacker could use th...
USN-4145-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service system crash. CVE-2016-10905 It was discovered that the IPv6 implementation in the Linux kernel did not properly validate socket optio...
USN-4144-1: Linux kernel vulnerabilities
It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures in some situations. A local attacker could possibly use this to cause a denial of service system crash or execute arbitrary code. CVE-2018-20976 Benjamin Moody discovered that the XFS file system...
USN-4143-1: SDL 2.0 vulnerabilities
It was discovered that SDL 2.0 mishandled crafted image files resulting in an integer overflow. If a user were tricked into opening a malicious file, SDL 2.0 could be caused to crash or potentially run arbitrary code. CVE-2017-2888 It was discovered that SDL 2.0 mishandled crafted image files. If...
USN-4142-2: e2fsprogs vulnerability
USN-4142-1 fixed a vulnerability in e2fsprogs. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute...
USN-4142-1: e2fsprogs vulnerability
It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code...
USN-4141-1: Exim vulnerability
It was discovered that Exim incorrectly handled certain string operations. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4140-1: Firefox vulnerability
It was discovered that no user notification was given when pointer lock is enabled. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to hijack the mouse pointer and confuse users...
USN-4139-1: File Roller vulnerability
It was discovered that File Roller incorrectly handled certain TAR files. An attacker could possibly use this issue to overwrite sensitive files during extraction...
USN-4138-1: LibreOffice vulnerability
It was discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary code...
USN-4137-1: Mosquitto vulnerability
It was discovered that Mosquitto incorrectly handled certain specially crafted input and network packets. A remote attacker could use this to cause a denial of service...
USN-4134-2: IBus regression
USN-4134-1 fixed a vulnerability in IBus. The security fix introduced a regression when being used with Qt applications. This update reverts the security fix pending further investigation. Original advisory details: Simon McVittie discovered that IBus did not enforce appropriate access controls o...
USN-4128-2: Tomcat vulnerabilities
It was discovered that the Tomcat 9 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. CVE-2019-0221 It was discovered that Tomcat 9 did not address HTTP/2 connection window exhaustion on write while addressing...
USN-4136-2: wpa_supplicant and hostapd vulnerability
USN-4136-1 fixed a vulnerability in wpasupplicant. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that wpasupplicant incorrectly handled certain management frames. An attacker could possibly use this issue to...
USN-4136-1: wpa_supplicant and hostapd vulnerability
It was discovered that wpasupplicant incorrectly handled certain management frames. An attacker could possibly use this issue to cause a denial of service...
USN-4135-2: Linux kernel vulnerabilities
Peter Pi discovered a buffer overflow in the virtio network backend vhostnet implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service host OS crash or possibly execute arbitrary code in the host OS. CVE-2019-14835 It was discovered that the...
USN-4135-1: Linux kernel vulnerabilities
Peter Pi discovered a buffer overflow in the virtio network backend vhostnet implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service host OS crash or possibly execute arbitrary code in the host OS. CVE-2019-14835 It was discovered that the...
USN-4113-2: Apache HTTP Server regression
USN-4113-1 fixed vulnerabilities in the Apache HTTP server. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Stefan Eissing discovered...
USN-4124-2: Exim vulnerability
USN-4124-1 fixed a vulnerability in Exim. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands...
USN-4134-1: IBus vulnerability
Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user...
USN-4133-1: Wireshark vulnerabilities
It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file...
USN-4129-2: curl vulnerability
USN-4129-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resultin...
USN-4132-2: Expat vulnerability
USN-4132-1 fixed a vulnerability in Expat. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive...
USN-4132-1: Expat vulnerability
It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information...
USN-4131-1: VLC vulnerabilities
It was discovered that VLC incorrectly handled certain media files. If a user were tricked into opening a specially-crafted file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4130-1: WebKitGTK+ vulnerabilities
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-4129-1: curl vulnerabilities
Thomas Vegas discovered that curl incorrectly handled memory when using Kerberos over FTP. A remote attacker could use this issue to crash curl, resulting in a denial of service. CVE-2019-5481 Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker...
USN-4115-2: Linux kernel regression
USN 4115-1 fixed vulnerabilities in the Linux 4.15 kernel for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. Unfortunately, as part of the update, a regression was introduced that caused a kernel crash when handling fragmented packets in some situations. This update addresses the issue. We apologize for...
USN-4120-2: systemd regression
USN-4120-1 fixed a vulnerability in systemd. The update included a recent SRU from the updates pocket that introduced networking problems for some users. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the systemd-resolved D-Bus...
USN-4128-1: Tomcat vulnerabilities
It was discovered that the Tomcat 8 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. CVE-2019-0221 It was discovered that Tomcat 8 did not address HTTP/2 connection window exhaustion on write while addressing...
USN-4127-2: Python vulnerabilities
USN-4127-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume...
USN-4126-2: FreeType vulnerabilities
USN-4126-1 fixed a vulnerability in FreeType. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to access sensitive information. CVE-2015-9381,...
USN-4127-1: Python vulnerabilities
It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2018-20406 It was discovered that Python incorrectly validated t...
USN-4126-1: FreeType vulnerability
It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to access sensitive information...
USN-4125-1: Memcached vulnerability
It was discovered that Memcached incorrectly handled certain UNIX sockets. An attacker could possibly use this issue to access sensitive information...
USN-4124-1: Exim vulnerability
It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands...
USN-4123-1: npm/fstream vulnerability
It was discovered that npm/fstream incorrectly handled certain crafted tarballs. An attacker could use this vulnerability to write aritrary files to the filesystem...
USN-4122-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy CSP protections, bypass same-origin restrictions, conduct cross-site...
USN-4121-1: Samba vulnerability
Stefan Metzmacher discovered that the Samba SMB server did not properly prevent clients from escaping outside the share root directory in some situations. An attacker could use this to gain access to files outside of the Samba share, where allowed by the permissions of the underlying filesystem...
USN-4120-1: systemd vulnerability
It was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system's DNS resolver settings...
USN-4119-1: Irssi vulnerability
It was discovered that Irssi incorrectly handled certain CAP requests. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...
USN-4118-1: Linux kernel (AWS) vulnerabilities
It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. CVE-2018-13053 Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track...
USN-4117-1: Linux kernel (AWS) vulnerabilities
It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2019-10126 Amit Klein and Benny Pinkas discovered that the Linux kerne...
USN-4116-1: Linux kernel vulnerabilities
It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2018-20856 Amit Klein and Ben...
USN-4115-1: Linux kernel vulnerabilities
Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service system crash. CVE-2018-19985 Zhipeng Xie discovered that an...
USN-4114-1: Linux kernel vulnerabilities
Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. CVE-2019-10638 Praveen Pandey discovered that the Linux kernel did not...
USN-3934-2: PolicyKit vulnerability
USN-3934-1 fixed a vulnerability in Policykit. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that PolicyKit incorrectly relied on the fork system call in the Linux kernel being atomic. A local attacker could possibly use this issu...