USN-3903-2: Linux kernel (HWE) vulnerabilities
USN-3903-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Jason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds...
USN-3903-1: Linux kernel vulnerabilities
Jason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds write vulnerability. An attacker in a guest virtual machine could use this to cause a denial of service (host system crash) or possibly execute arbitrary code in the host kernel. (CVE-2018-16880) Jann Horn...
USN-3902-1: PHP vulnerabilities
It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2019-9020, CVE-2019-9024) It was discovered that the PHP PHAR module incorrectly handled certain...
USN-3901-2: Linux kernel (HWE) vulnerabilities
USN-3901-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Jann Horn discovered that the userfaultfd implementation in the Linux kernel did not...
USN-3901-1: Linux kernel vulnerabilities
Jann Horn discovered that the userfaultfd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. (CVE-2018-18397) It was discovered that the crypto subsystem of the Linux kernel leaked uninitialized memory to...
USN-3885-2: OpenSSH vulnerability
USN-3885-1 fixed vulnerabilities in OpenSSH. It was discovered that the fix for CVE-2019-6111 turned out to be incomplete. This update fixes the problem. Original advisory details: Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked int...
USN-3900-1: GD vulnerabilities
It was discovered that GD incorrectly handled memory when processing certain images. A remote attacker could use this issue with a specially crafted image file to cause GD to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-3898-2: NSS vulnerability
USN-3898-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Hanno Böck and Damian Poddebniak discovered that NSS incorrectly handled certain CMS functions. A remote attacker could possibly use this issue to cause NSS to...
USN-3899-1: OpenSSL vulnerability
Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding oracle attack. A remote attacker could possibly use this issue to decrypt data...
USN-3898-1: NSS vulnerability
Hanno Böck and Damian Poddebniak discovered that NSS incorrectly handled certain CMS functions. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service...
USN-3897-1: Thunderbird vulnerabilities
A use-after-free was discovered in libical. If a user were tricked into opening a specially crafted ICS calendar file, an attacker could potentially exploit this to cause a denial of service. (CVE-2016-5824) Multiple security issues were discovered in Thunderbird. If a user were tricked into...
USN-3896-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same origin protections, or execute arbitrary code...
USN-3895-1: LDB vulnerability
It was discovered that LDB incorrectly handled certain search expressions. A remote attacker could possibly use this issue to cause the Samba LDAP process to crash, resulting in a denial of service...
USN-3894-1: GNOME Keyring vulnerability
It was discovered that GNOME Keyring incorrectly cleared out credentials supplied to the PAM module. A local attacker could possibly use this issue to discover login credentials...
USN-3866-3: Ghostscript regression
USN-3866-2 fixed a regression in Ghostscript. The Ghostscript update introduced a new regression that resulted in certain pages being printed with a blue background. This update fixes the problem. Original advisory details: Tavis Ormandy discovered that Ghostscript incorrectly handled certain...
USN-3893-2: Bind vulnerabilities
USN-3893-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Bind incorrectly handled certain trust anchors when used with the "managed-keys" feature. A remote attacker could possibly use this issue...
USN-3893-1: Bind vulnerabilities
Toshifumi Sakaguchi discovered that Bind incorrectly handled memory. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-5744) It was discovered that Bind incorrectl...
USN-3866-2: Ghostscript regression
USN-3866-1 fixed vulnerabilities in Ghostscript. The new Ghostscript version introduced a regression when printing certain page sizes. This update fixes the problem. Original advisory details: Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or...
USN-3892-1: GDM vulnerability
Burghard Britzke discovered that GDM incorrectly handled certain configurations. An attacker could possibly use this issue to get unauthorized access to a different user...
USN-3850-2: NSS vulnerabilities
USN-3850-1 fixed several vulnerabilities in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack...
USN-3891-1: systemd vulnerability
It was discovered that systemd incorrectly handled certain D-Bus messages. A local unprivileged attacker could exploit this in order to crash the init process, resulting in a system denial-of-service (kernel panic)...
USN-3890-1: Django vulnerability
It was discovered that Django incorrectly handled formatting certain numbers. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service...
USN-3889-1: WebKitGTK+ vulnerabilities
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-3888-1: GVfs vulnerability
It was discovered that GVfs incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information...
USN-3887-1: snapd vulnerability
Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems wit...
USN-3886-1: poppler vulnerabilities
It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20551, CVE-2019-7310)...
USN-3878-3: Linux kernel regression
USN-3878-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that could prevent systems with certain graphics chipsets from booting. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that a...
USN-3878-2: Linux kernel (Azure) vulnerabilities
It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625) Cfir...
USN-3871-5: Linux kernel (Azure) vulnerabilities
Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code...
USN-3885-1: OpenSSH vulnerabilities
Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked into connecting to an untrusted server, a remote attacker could possibly use these issues to write to arbitrary files, change directory permissions, and spoof client output...
USN-3884-1: libarchive vulnerabilities
It was discovered that libarchive incorrectly handled certain 7zip files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-1000019, CVE-2019-1000020)...
USN-3883-1: LibreOffice vulnerabilities
It was discovered that LibreOffice incorrectly handled certain document files. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2018-10119, CVE-2018-10120, CVE-2018-11790) It was discovere...
USN-3882-1: curl vulnerabilities
Wenxiang Qian discovered that curl incorrectly handled certain NTLM authentication messages. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-16890)...
USN-3881-2: Dovecot vulnerability
USN-3881-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field...
USN-3881-1: Dovecot vulnerability
It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users...
USN-3880-2: Linux kernel (Trusty HWE) vulnerabilities
USN-3880-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the CIFS client implementation in the Linux kernel did not...
USN-3880-1: Linux kernel vulnerabilities
It was discovered that the CIFS client implementation in the Linux kernel did not properly handle setup negotiation during session recovery, leading to a NULL pointer exception. An attacker could use this to create a malicious CIFS server that caused a denial of service (client system crash)...
USN-3871-3: Linux kernel (AWS, GCP, KVM, OEM, Raspberry Pi 2) vulnerabilities
Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code...
USN-3879-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3879-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 file system implementation in the Linux kernel could...
USN-3879-1: Linux kernel vulnerabilities
Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system cras...
USN-3871-4: Linux kernel (HWE) vulnerabilities
USN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem...
USN-3878-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625) Cfir...
USN-3871-2: Linux kernel regression
USN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. Unfortunately, that update introduced regressions with docking station displays and mounting ext4 file systems with the metabg option enabled. This update fixes the problems. We apologize for the inconvenience. Original...
USN-3877-1: LibVNCServer vulnerabilities
It was discovered that LibVNCServer incorrectly handled certain operations. A remote attacker able to connect to applications using LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code...
USN-3876-2: Avahi vulnerabilities
USN-3876-1 fixed a vulnerability in Avahi. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Chad Seaman discovered that Avahi incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-6519,...
USN-3876-1: Avahi vulnerabilities
Chad Seaman discovered that Avahi incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-6519, CVE-2018-1000845)...
USN-3875-1: OpenJDK vulnerability
It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. (CVE-2019-2422)...
USN-3874-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, gain additional privileges by escaping the sandbox, or execute arbitrary code. (CVE-2018-18500,...
USN-3873-1: Open vSwitch vulnerabilities
It was discovered that Open vSwitch incorrectly decoded certain packets. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. (CVE-2018-17204) It was discovered that Open vSwitch incorrectly handled processing certain flows. A remote...
USN-3872-1: Linux kernel (HWE) vulnerabilities
It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625) Cfir...