USN-3742-1: Linux kernel vulnerabilities
It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive...
USN-3741-1: Linux kernel vulnerabilities
It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive...
USN-3740-1: Linux kernel vulnerabilities
It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive...
USN-3740-2: Linux kernel (HWE) vulnerabilities
USN-3740-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that memory present in the L1 data cache of an Intel CPU core may be...
USN-3739-2: libxml2 vulnerabilities
USN-3739-1 fixed a vulnerability in libxml2. This update provides the corresponding update for Ubuntu 12.04. Original advisory details: Matias Brutti discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information...
USN-3739-1: libxml2 vulnerabilities
Matias Brutti discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. CVE-2016-9318 It was discovered that libxml2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of...
USN-3738-1: Samba vulnerabilities
Svyatoslav Phirsov discovered that the Samba libsmbclient library incorrectly handled extra long filenames. A malicious server could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2018-10858 Volker Mauel discovered that Samba...
USN-3737-1: GDM vulnerability
A use-after-free was discovered in GDM. A local user could exploit this to cause a denial of service, or potentially execute arbitrary code as the administrator...
USN-3736-1: libarchive vulnerabilities
It was discovered that libarchive incorrectly handled certain archive files. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-10209, CVE-2016-10349, CVE-2016-10350 Agostino Sarubbo discovered tha...
USN-3735-1: OpenJDK 7 vulnerability
It was discovered that the PatternSyntaxException class in OpenJDK did not properly validate arguments passed to it. An attacker could use this to potentially construct a class that caused a denial of service (excessive memory consumption)...
USN-3734-1: OpenJDK 8 vulnerability
It was discovered that the PatternSyntaxException class in OpenJDK did not properly validate arguments passed to it. An attacker could use this to possibly construct a class that caused a denial of service (excessive memory consumption)...
USN-3733-1: GnuPG vulnerability
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that GnuPG is vulnerable to a cache side-channel attack. A local attacker could use this attack to recover RSA private keys...
USN-3732-1: Linux kernel vulnerability
Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service...
USN-3732-2: Linux kernel (HWE) vulnerability
USN-3732-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed...
USN-3731-2: LFTP vulnerability
USN-3731-1 fixed a vulnerability in LFTP. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that LFTP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service...
USN-3731-1: LFTP vulnerability
It was discovered that LFTP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service...
USN-3730-1: LXC vulnerability
Matthias Gerstner discovered that LXC incorrectly handled the lxc-user-nic utility. A local attacker could possibly use this issue to open arbitrary files...
USN-3729-1: libxcursor vulnerability
It was discovered that libxcursor incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service...
USN-3728-3: ClamAV vulnerabilities
USN-3728-2 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Hanno Böck discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to cause a denial of service...
USN-3728-2: ClamAV vulnerabilities
USN-3728-1 fixed several vulnerabilities in libmspack. In Ubuntu 14.04 libmspack is included into ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: Hanno Böck discovered that libmspack incorrectly handled certain CHM files. An attacker could...
USN-3728-1: libmspack vulnerabilities
Hanno Böck discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-14679, CVE-2018-14680 Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ files. An attacker could possibly use this issue...
USN-3727-1: Bouncy Castle vulnerabilities
It was discovered that Bouncy Castle incorrectly handled certain crypto algorithms. A remote attacker could possibly use these issues to obtain sensitive information, including private keys...
USN-3726-1: Django vulnerability
Andreas Hug discovered that Django contained an open redirect in CommonMiddleware. A remote attacker could possibly use this issue to perform phishing attacks...
USN-3725-2: MySQL vulnerabilities
USN-3725-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to...
USN-3725-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.61 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.23. In addition to security fixes, the updated...
USN-3722-4: ClamAV regression
USN-3722-1 fixed vulnerabilities in ClamAV. The updated ClamAV version removed some configuration options which caused the daemon to fail to start in environments where the ClamAV configuration file was manually edited. This update fixes the problem. We apologize for the inconvenience. Original...
USN-3722-3: ClamAV regression
USN-3722-1 fixed vulnerabilities in ClamAV. The updated ClamAV version removed some configuration options which caused the daemon to fail to start in environments where the ClamAV configuration file was manually edited. This update fixes the problem. We apologize for the inconvenience. Original...
USN-3724-1: Evolution Data Server vulnerability
Jon Kristensen discovered that Evolution Data Server would automatically downgrade a connection to an IMAP server if the IMAP server did not support SSL. This would result in the user's password being unexpectedly sent in clear text, even though the user had requested to use SSL...
USN-3723-1: Tomcat vulnerabilities
It was discovered that Tomcat incorrectly handled decoding certain UTF-8 strings. A remote attacker could possibly use this issue to cause Tomcat to crash, resulting in a denial of service. CVE-2018-1336 It was discovered that the Tomcat WebSocket client incorrectly performed hostname verificatio...
USN-3722-2: ClamAV vulnerabilities
USN-3722-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a...
USN-3721-1: Apache Ant vulnerability
Danny Grander discovered that Apache Ant incorrectly handled certain compressed files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to overwrite arbitrary files...
USN-3722-1: ClamAV vulnerabilities
It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. CVE-2018-0360 It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use thi...
USN-3720-1: python-cryptography vulnerability
It was discovered that python-cryptography incorrectly handled certain inputs. An attacker could possibly use this to get access to sensitive information...
USN-3719-2: Mutt vulnerabilities
USN-3719-1 fixed a vulnerability in Mutt. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this to execute arbitrary code. CVE-2018-14350, CVE-2018-14352,...
USN-3719-1: Mutt vulnerabilities
It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this to execute arbitrary code. CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359, CVE-2018-14358, CVE-2018-14353, CVE-2018-14357 It was discovered that Mutt incorrectly handled certain...
USN-3718-2: Linux kernel (HWE) regression
USN-3695-2 fixed vulnerabilities in the Linux Hardware Enablement Kernel (HWE) kernel for Ubuntu 16.04 LTS. Unfortunately, the fix for CVE-2018-1108 introduced a regression where insufficient early entropy prevented services from starting, leading in some situations to a failure to boot. This updat...
USN-3718-1: Linux kernel regression
USN-3695-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. Unfortunately, the fix for CVE-2018-1108 introduced a regression where insufficient early entropy prevented services from starting, leading in some situations to a failure to boot. This update addresses the issue. We...
USN-3717-2: PolicyKit vulnerabilities
USN-3717-1 fixed a vulnerability in PolicyKit. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that PolicyKit incorrectly handled certain duplicate action IDs. A local attacker could use this issue to cause PolicyKit to crash,...
USN-3717-1: PolicyKit vulnerabilities
Tavis Ormandy discovered that PolicyKit incorrectly handled certain invalid object paths. A local attacker could possibly use this issue to cause PolicyKit to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. CVE-2015-3218 It was discovered that PolicyKit...
USN-3714-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass CORS restrictions, obtain sensitive information, or execute arbitrary...
USN-3716-1: Dnsmasq update
This update adds the latest DNSSEC validation trust anchor required for the upcoming Root Zone KSK Rollover...
USN-3715-1: dns-root-data update
This update adds the latest DNSSEC validation trust anchor required for the upcoming Root Zone KSK Rollover and refreshes the list of root hints...
USN-3713-1: CUPS vulnerabilities
It was discovered that CUPS incorrectly handled certain print jobs with invalid usernames. A remote attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 17.10 and Ubuntu 18.04 LTS. CVE-2017-18248 Dan...
USN-3712-2: libpng vulnerability
USN-3712-1 fixed a vulnerability in libpng. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Patrick Keshishian discovered that libpng incorrectly handled certain PNG files. An attacker could possibly use this to cause a denial of service...
USN-3712-1: libpng vulnerabilities
Patrick Keshishian discovered that libpng incorrectly handled certain PNG files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-10087 Thuan Pham discovered that libpng incorrectly handled certain PNG files...
USN-3711-1: ImageMagick vulnerabilities
It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of th...
USN-3710-1: curl vulnerability
Peter Wu discovered that curl incorrectly handled certain SMTP buffers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-3705-2: Firefox regressions
USN-3705-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafte...
USN-3709-1: Xapian-core vulnerability
It was discovered that Xapian-core incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code...
USN-3706-2: libjpeg-turbo vulnerabilities
USN-3706-1 fixed a vulnerability in libjpeg-turbo. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that libjpeg-turbo incorrectly handled certain malformed JPEG images. If a user or automated system were tricked into opening a...