10832 matches found
USN-3803-1: Ghostscript vulnerabilities
Tavis Ormandy discovered multiple security issues in Ghostscript. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service...
USN-3799-2: MySQL vulnerabilities
USN-3799-1 fixed a vulnerability in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.62 in...
USN-3802-1: X.Org X server vulnerability
Narendra Shinde discovered that the X.Org X server incorrectly handled certain command line parameters when running as root with the legacy wrapper. When certain graphics drivers are being used, a local attacker could possibly use this issue to overwrite arbitrary files and escalate privileges...
USN-3801-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass CSP restrictions, spoof the protocol registration notification bar, leak SameSite cookies, bypass...
USN-3800-1: audiofile vulnerabilities
It was discovered that audiofile incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-13440 It was discovered that audiofile incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code...
USN-3799-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.62 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.24. In addition to security fixes,...
USN-3788-2: Tex Live-bin vulnerability
USN-3788-1 fixed vulnerabilities in Tex Live. This update provides the corresponding update for Ubuntu 18.10 Original advisory details: It was discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. CVE-2018-17407...
USN-3777-3: Linux kernel (Azure) vulnerabilities
USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 %LTS. This update provides the corresponding updates for the Linux kernel for Azure Cloud systems. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free...
USN-3797-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3797-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband...
USN-3797-1: Linux kernel vulnerabilities
Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service system crash. CVE-2018-14734 It was discovered that an integer overflow existed in the CD-ROM driver of the Linux kerne...
USN-3798-2: Linux kernel (Trusty HWE) vulnerabilities
USN-3798-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not...
USN-3798-1: Linux kernel vulnerabilities
Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is negatively instantiated. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2015-8539 It...
USN-3790-2: Requests vulnerability
USN-3790-1 fixed vulnerabilities in Requests. This update provides the corresponding update for Ubuntu 18.10 Original advisory details: It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information...
USN-3796-3: Paramiko vulnerability
USN-3796-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 18.10. Original advisory details: Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass...
USN-3795-2: libssh vulnerability
USN-3795-1 fixed a vulnerability in libssh. This update provides the corresponding update for Ubuntu 18.10. Original advisory details: Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass...
USN-3792-3: Net-SNMP vulnerability
USN-3792-1 fixed a vulnerability in Net-SNMP. This update provides the corresponding update for Ubuntu 18.10. Original advisory details: It was discovered that Net-SNMP incorrectly handled certain certain crafted packets. A remote attacker could possibly use this issue to cause Net-SNMP to crash,...
USN-3796-2: Paramiko vulnerability
USN-3796-1 fixed a vulnerability in paramiko. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass...
USN-3796-1: Paramiko vulnerability
Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials...
USN-3795-1: libssh vulnerability
Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials...
USN-3789-2: ClamAV vulnerabilities
USN-3789-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled unpacking MEW executables. A remote attacker could possibly use this issue to cause ClamAV to crash, resulti...
USN-3794-1: MoinMoin vulnerability
It was discovered that MoinMoin incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information...
USN-3792-2: Net-SNMP vulnerability
USN-3792-1 fixed a vulnerability in Net-SNMP. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Net-SNMP incorrectly handled certain certain crafted packets. A remote attacker could possibly use this issue to cause Net-SNMP to...
USN-3793-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. CVE-2018-12376, CVE-2018-12377, CVE-2018-12378 It w...
USN-3792-1: Net-SNMP vulnerability
It was discovered that Net-SNMP incorrectly handled certain certain crafted packets. A remote attacker could possibly use this issue to cause Net-SNMP to crash, resulting in a denial of service...
USN-3790-1: Requests vulnerability
It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information...
USN-3791-1: Git vulnerability
It was discovered that git did not properly validate git submodule urls or paths. A remote attacker could possibly use this to craft a git repository that causes arbitrary code execution when recursive operations are used...
USN-3789-1: ClamAV vulnerability
It was discovered that ClamAV incorrectly handled unpacking MEW executables. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service...
USN-3788-1: Tex Live vulnerabilities
Jakub Wilk discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. CVE-2015-5700 It was discovered that Tex Live incorrectly handled certain files. An attacker could possibly use th...
USN-3787-1: Tomcat vulnerability
It was discovered that Tomcat incorrectly handled returning redirects to a directory. A remote attacker could possibly use this issue with a specially crafted URL to redirect to arbitrary URIs...
USN-3781-2: WebKitGTK+ regression
USN-3781-1 fixed vulnerabilities in WebKitGTK+. The updated package was missing some header files, preventing certain applications from building. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A large number of security issues were discovered in the...
USN-3786-1: libxkbcommon vulnerabilities
It was discovered that libxkbcommon incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-15853, CVE-2018-15854, CVE-2018-15855, CVE-2018-15856, CVE-2018-15857, CVE-2018-15858, CVE-2018-15859, CVE-2018-15861, CVE-2018-15862,...
USN-3785-1: ImageMagick vulnerabilities
Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate...
USN-3784-1: AppArmor update
As a security improvement, this update adjusts the private-files abstraction to disallow writing to thumbnailer configuration files. Additionally adjust the private-files, private-files-strict and user-files abstractions to disallow writes on parent directories of sensitive files...
USN-3783-1: Apache HTTP Server vulnerabilities
Robert Swiecki discovered that the Apache HTTP Server HTTP/2 module incorrectly destroyed certain streams. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. CVE-2018-1302 Craig Young discovered that the Apache HTTP Server HTTP/2 module...
USN-3778-1: Firefox vulnerabilities
A crash was discovered in TransportSecurityInfo used for SSL, which could be triggered by data stored in the local cache directory. An attacker could potentially exploit this in combination with another vulnerability that allowed them to write data to the cache, to execute arbitrary code...
USN-3782-1: Liblouis vulnerabilities
Henri Salo discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. CVE-2018-12085 It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Thi...
USN-3781-1: WebKitGTK+ vulnerabilities
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-3780-1: HAProxy vulnerability
It was discovered that HAProxy incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service...
USN-3779-1: Linux kernel vulnerabilities
It was discovered that an integer overflow vulnerability existed in the Linux kernel when loading an executable to run. A local attacker could use this to gain administrative privileges. CVE-2018-14634 It was discovered that a stack-based buffer overflow existed in the iSCSI target implementation...
USN-3777-2: Linux kernel (HWE) vulnerabilities
USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Jann Horn discovered that the vmacache subsystem did not properly handle sequence numb...
USN-3777-1: Linux kernel vulnerabilities
Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2018-17182 It was discovered that the...
USN-3776-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3776-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that the vmacache subsystem did not properly handle sequence numb...
USN-3776-1: Linux kernel vulnerabilities
Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2018-17182 It was discovered that the...
USN-3775-2: Linux kernel (Trusty HWE) vulnerabilities
USN-3775-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the paravirtualization implementation in the Linux kernel did n...
USN-3775-1: Linux kernel vulnerabilities
It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. CVE-2018-15594 It was...
USN-3774-1: strongSwan vulnerability
It was discovered that strongSwan incorrectly handled signature validation in the gmp plugin. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-3769-2: Bind vulnerability
USN-3769-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Bind incorrectly handled the deny-answer-aliases feature. If this feature is enabled, a remote attacker could use this issue to cause Bin...
USN-3773-1: Ghostscript vulnerabilities
It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service...
USN-3719-3: Mutt vulnerabilities
USN-3719-1 fixed vulnerabilities in Mutt. Unfortunately, the fixes were not correctly applied to the packaging for Mutt in Ubuntu 16.04 LTS. This update corrects the oversight. We apologize for the inconvenience. Original advisory details: It was discovered that Mutt incorrectly handled certain...
USN-3772-1: UDisks vulnerability
It was discovered that UDisks incorrectly handled format strings when logging. A local attacker could possibly use this issue to cause a denial of service or obtain sensitive information...