10923 matches found
USN-3935-1: BusyBox vulnerabilities
Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14....
USN-3934-1: PolicyKit vulnerability
It was discovered that PolicyKit incorrectly relied on the fork system call in the Linux kernel being atomic. A local attacker could possibly use this issue to gain access to services that have cached authorizations...
USN-3933-2: Linux kernel (Trusty HWE) vulnerabilities
USN-3933-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that an information leak vulnerability existed in the Bluetooth...
USN-3933-1: Linux kernel vulnerabilities
It was discovered that an information leak vulnerability existed in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could possibly expose sensitive information kernel memory. CVE-2017-1000410 It was discovered that the USB serial device driver in the Linux...
USN-3932-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3932-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the f2fs file system implementation...
USN-3932-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. CVE-2017-18249 Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadat...
USN-3931-2: Linux kernel (HWE) vulnerabilities
USN-3931-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS. M. Vefa Bicakci and Andy Lutomirsk...
USN-3931-1: Linux kernel vulnerabilities
M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service guest VM crash...
USN-3930-2: Linux kernel (HWE) vulnerabilities
USN-3930-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sou...
USN-3930-1: Linux kernel vulnerabilities
Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture ALSA subsystem. A physically proximate attacker could use this to cause a denial of service system crash. CVE-2018-19824 Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an...
USN-3929-1: Firebird vulnerabilities
It was discovered that Firebird incorrectly handled certain malformed packets. A remote attacker could possibly use this issue with a specially crafted network packet to cause Firebird to crash, resulting in a denial of service. CVE-2014-9323 It was discovered that Firebird incorrectly handled...
USN-3928-1: Dovecot vulnerability
It was discovered that Dovecot incorrectly handled reading certain headers from the index. A local attacker could possibly use this issue to escalate privileges...
USN-3926-1: GPAC vulnerabilities
It was discovered that the GPAC MP4Box utility incorrectly handled certain memory operations. If an user or automated system were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service, or possibly execu...
USN-3927-1: Thunderbird vulnerabilities
It was discovered that Thunderbird allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks on local services and tools. CVE-2018-18506 Multiple security...
USN-3918-3: Firefox regression
USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a...
USN-3925-1: FreeImage vulnerability
It was discovered that an out-of-bounds write vulnerability existed in the XMP image handling functionality of the FreeImage library. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could overwrite arbitrary memory, resulting in code execution...
USN-3924-1: mod_auth_mellon vulnerabilities
It was discovered that modauthmellon incorrectly handled certain requests. An attacker could possibly use this issue to redirect a user to a malicious URL. CVE-2019-3877 It was discovered that modauthmellon incorrectly handled certain requests. An attacker could possibly use this issue to access...
USN-3923-1: QEMU vulnerabilities
Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer Protocol MTP. An attacker inside the guest could use this issue to read or write arbitrary files and cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.10. CVE-2018-16867...
USN-3922-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, CVE-2019-9641...
USN-3921-1: XMLTooling vulnerability
It was discovered that XMLTooling incorrectly handled certain XML files with invalid data. An attacker could use this issue to cause XMLTooling to crash, resulting in a denial of service...
USN-3919-1: Firefox vulnerabilities
Two security issues were discovered in the JavaScript engine in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this by causing a denial of service, or executing arbitrary code...
USN-3918-2: Firefox vulnerabilities
USN-3918-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit...
USN-3916-1: libsolv vulnerabilities
It was discovered that libsolv incorrectly handled certain malformed input. If a user or automated system were tricked into opening a specially crafted file, applications that rely on libsolv could be made to crash, resulting in a denial of service...
USN-3918-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick...
USN-3917-1: snapd vulnerability
The snapd default seccomp filter for strict mode snaps blocks the use of the ioctl system call when used with TIOCSTI as the second argument to the system call. Jann Horn discovered that this restriction could be circumvented on 64 bit architectures. A malicious snap could exploit this to bypass...
USN-3913-1: P7ZIP vulnerabilities
It was discovered that p7zip did not correctly handle certain malformed archives. If a user or automated system were tricked into processing a specially crafted archive with p7zip, then p7zip could be made to crash, possibly leading to abitrary code execution...
USN-3915-1: Ghostscript vulnerabilities
It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service...
USN-3914-1: NTFS-3G vulnerability
A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute arbitrary code as the administrator...
USN-3912-1: GDK-PixBuf vulnerability
It was discovered that the GDK-PixBuf library did not properly handle certain BMP images. If an user or automated system were tricked into opening a specially crafted BMP file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execut...
USN-3906-2: LibTIFF vulnerabilities
USN-3906-1 and USN-3864-1 fixed several vulnerabilities in LibTIFF. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a...
USN-3911-1: file vulnerabilities
It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code...
USN-3910-1: Linux kernel vulnerabilities
It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflushmerge mount option correctly. An attacker could use this to cause a denial of service system crash. CVE-2017-18241 It was discovered that the procfs filesystem did not properly handle processes...
USN-3910-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3910-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the f2fs filesystem implementation in the Linux kernel did not...
USN-3909-1: libvirt vulnerability
It was discovered that libvirt incorrectly handled waiting for certain agent events. An attacker inside a guest could possibly use this issue to cause libvirtd to stop responding, resulting in a denial of service...
USN-3908-2: Linux kernel (Trusty HWE) vulnerability
USN-3908-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered a race condition in the fork system call in the Linux kernel. A...
USN-3908-1: Linux kernel vulnerability
Jann Horn discovered a race condition in the fork system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations...
USN-3902-2: PHP vulnerabilities
USN-3902-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. A remote attacker could possibly use this issue to cause PHP to crash,...
USN-3907-1: WALinuxAgent vulnerability
It was discovered that WALinuxAgent created swap files with incorrect permissions. A local attacker could possibly use this issue to obtain sensitive information from the swap file...
USN-3906-1: LibTIFF vulnerabilities
It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges...
USN-3905-1: poppler vulnerability
It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service...
USN-3904-1: NVIDIA graphics drivers vulnerability
It was discovered that the NVIDIA graphics drivers incorrectly handled the GPU performance counters. A local attacker could possibly use this issue to access the application data processed on the GPU...
USN-3903-2: Linux kernel (HWE) vulnerabilities
USN-3903-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Jason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds...
USN-3903-1: Linux kernel vulnerabilities
Jason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds write vulnerability. An attacker in a guest virtual machine could use this to cause a denial of service host system crash or possibly execute arbitrary code in the host kernel. CVE-2018-16880 Jann Horn...
USN-3902-1: PHP vulnerabilities
It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. CVE-2019-9020, CVE-2019-9024 It was discovered that the PHP PHAR module incorrectly handled certain...
USN-3901-2: Linux kernel (HWE) vulnerabilities
USN-3901-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Jann Horn discovered that the userfaultd implementation in the Linux kernel did not...
USN-3901-1: Linux kernel vulnerabilities
Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. CVE-2018-18397 It was discovered that the crypto subsystem of the Linux kernel leaked uninitialized memory to...
USN-3885-2: OpenSSH vulnerability
USN-3885-1 fixed vulnerabilities in OpenSSH. It was discovered that the fix for CVE-2019-6111 turned out to be incomplete. This update fixes the problem. Original advisory details: Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked int...
USN-3900-1: GD vulnerabilities
It was discovered that GD incorrectly handled memory when processing certain images. A remote attacker could use this issue with a specially crafted image file to cause GD to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-3898-2: NSS vulnerability
USN-3898-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Hanno Böck and Damian Poddebniak discovered that NSS incorrectly handled certain CMS functions. A remote attacker could possibly use this issue to cause NSS to...
USN-3899-1: OpenSSL vulnerability
Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding oracle attack. A remote attacker could possibly use this issue to decrypt data...