10832 matches found
USN-3676-1: Linux kernel vulnerabilities
Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service system crash when mounted. CVE-2018-1092, CVE-2018-1093 It...
USN-3675-1: GnuPG vulnerabilities
Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the...
USN-3674-2: Linux kernel (Trusty HWE) vulnerabilities
USN-3674-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the netfilter subsystem of the Linux kernel did not properly...
USN-3674-1: Linux kernel vulnerabilities
It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2018-1068 It was discovered that a NULL pointer dereference existed in t...
USN-3673-1: Unbound vulnerability
Ralph Dolmans and Karst Koymans discovered that Unbound did not properly handle certain NSEC records. An attacker could use this to to prove the non-existence NXDOMAIN answer of an existing wildcard record, or trick Unbound into accepting a NODATA proof...
USN-3672-1: Liblouis vulnerabilities
Henri Salo discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. CVE-2018-11683, CVE-2018-11684, CVE-2018-11685...
USN-3671-1: Git vulnerabilities
Etienne Stalmans discovered that git did not properly validate git submodules files. A remote attacker could possibly use this to craft a git repo that causes arbitrary code execution when "git clone --recurse-submodules" is used. CVE-2018-11235 It was discovered that an integer overflow existed ...
USN-3670-1: elfutils vulnerabilities
Agostino Sarubbo discovered that elfutils incorrectly handled certain malformed ELF files. If a user or automated system were tricked into processing a specially crafted ELF file, elfutils could be made to crash or consume resources, resulting in a denial of service...
USN-3658-2: procps-ng vulnerabilities
USN-3658-1 fixed a vulnerability in procps-ng. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that libprocps incorrectly handled the file2strvec function. A local attacker could possibly use this to execute arbitrary code...
USN-3669-1: Liblouis vulnerabilities
It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. CVE-2018-11410 It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to...
USN-3664-2: Apport vulnerability
USN-3664-1 fixed a vulnerability in Apport. Sander Bos reported that Ubuntu 14.04 LTS was also vulnerable to this issue, but was incorrectly omitted from the previous updates. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: Sander Bos discovered that...
USN-3668-1: Exempi vulnerabilities
It was discovered that Exempi incorrectly handled certain media files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause Exempi to hang or crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-3667-1: libytnef vulnerabilities
It was discovered that libytnef incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. CVE-2017-12141, CVE-2017-9146, CVE-2017-9471, CVE-2017-9473 It was discovered that libytnef incorrectly handled certain files. An attacker could possibly use this t...
USN-3666-1: Oslo middleware vulnerability
Divya K Konoor discovered Oslo middleware was vulnerable to an information disclosure. A local attacker could exploit this flaw to obtain sensitive information from OpenStack component error logs...
USN-3665-1: Tomcat vulnerabilities
It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. CVE-2017-12616,...
USN-3664-1: Apport vulnerability
Sander Bos discovered that Apport incorrectly handled core dumps when certain files are missing from /proc. A local attacker could possibly use this issue to cause a denial of service, gain root privileges, or escape from containers...
USN-3663-1: HAProxy vulnerability
It was discovered that HAProxy incorrectly handled certain resquests. An attacker could possibly use this to expose sensitive information...
USN-3662-1: NVIDIA graphics drivers vulnerabilities
It was discovered that the NVIDIA graphics drivers contained flaws in the kernel mode layer. A local attacker could use these issues to cause a denial of service or potentially escalate their privileges on the system...
USN-3661-1: Batik vulnerability
It was discovered that Batik incorrectly handled certain XML. An attacker could possibly use this to expose sensitive information...
USN-3586-2: DHCP vulnerabilities
USN-3586-1 fixed a vulnerability in DHCP. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Felix Wilhelm discovered that the DHCP client incorrectly handled certain malformed responses. A remote attacker could use this issue to cause the DHCP client t...
USN-3660-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, install lightweight themes without user interaction, or...
USN-3598-2: curl vulnerabilities
USN-3598-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Phan Thanh discovered that curl incorrectly handled certain FTP paths. An attacker could use this to cause a denial of service or possibly execute arbitrary cod...
USN-3659-1: Spice vulnerability
Frediano Ziglio discovered that Spice incorrectly handled certain client messages. An attacker could possibly use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-3658-1: procps-ng vulnerabilities
It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. CVE-2018-1122 It was discovered that the procps-ng ps tool incorrectly handled memory. A local user...
USN-3657-1: Linux kernel (Raspberry Pi 2) vulnerabilities
It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information kernel netlink traffic. CVE-2017-17449 Tuba Yavuz discovered that a...
USN-3656-1: Linux kernel (Raspberry Pi 2, Snapdragon) vulnerabilities
Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-17975 It was discovered that a race condition existed in the F2FS implementatio...
USN-3655-2: Linux kernel (Trusty HWE) vulnerabilities
USN-3655-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn and Ken Johnson discovered that microprocessors...
USN-3655-1: Linux kernel vulnerabilities
Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memor...
USN-3654-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3654-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn and Ken Johnson discovered that microprocessors...
USN-3654-1: Linux kernel vulnerabilities
Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memor...
USN-3653-2: Linux kernel (HWE) vulnerabilities
USN-3653-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jann Horn and Ken Johnson discovered that microprocessors utilizing...
USN-3653-1: Linux kernel vulnerabilities
Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memor...
USN-3652-1: Linux kernel vulnerability
Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memor...
USN-3651-1: QEMU update
Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update...
USN-3650-1: xdg-utils vulnerability
It was discovered that xdg-utils incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code...
USN-3645-2: Firefox regression
USN-3645-1 fixed vulnerabilities in Firefox. The update caused an issue where users experienced long UI pauses in some circumsances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were...
USN-3646-2: PHP vulnerabilities
USN-3646-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibly use this issue to obtain...
USN-3642-2: DPDK vulnerability
USN-3642-1 fixed a vulnerability in DPDK. This update provides the corresponding update for Ubuntu 17.10. Original advisory details: Maxime Coquelin discovered that DPDK incorrectly handled guest physical ranges. A malicious guest could use this issue to possibly access sensitive information...
USN-3649-1: QEMU vulnerabilities
Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. CVE-2017-16845 Cyrille...
USN-3648-1: curl vulnerabilities
Dario Weisser discovered that curl incorrectly handled long FTP server command replies. If a user or automated system were tricked into connecting to a malicious FTP server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute...
USN-3647-1: poppler vulnerabilities
It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of service. CVE-2017-18267 It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of service. This issue...
USN-3600-2: PHP vulnerabilities
USN-3600-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting XSS...
USN-3646-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibly use this issue to obtain sensitive information from another user's PHP applications. CVE-2018-10545 It was discovered that the PHP iconv stream filter incorrect handl...
USN-3645-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, bypass same-origin restrictions, conduct cross-site scripting XSS attacks, install...
USN-3644-1: OpenJDK 8 vulnerabilities
It was discovered that the Security component of OpenJDK did not correctly perform merging of multiple sections for the same file listed in JAR archive file manifests. An attacker could possibly use this to modify attributes in a manifest without invalidating the signature. CVE-2018-2790 Francesc...
USN-3643-2: Wget vulnerability
USN-3643-1 fixed a vulnerability in Wget. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values...
USN-3643-1: Wget vulnerability
It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values...
USN-3642-1: DPDK vulnerability
Maxime Coquelin discovered that DPDK incorrectly handled guest physical ranges. A malicious guest could use this issue to possibly access sensitive information...
USN-3641-2: Linux kernel vulnerabilities
USN-3641-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 17.10. This update provides the corresponding updates for Ubuntu 12.04 ESM. Nick Peterson discovered that the Linux kernel did not properly handle debug exceptions following a MOV/POP to SS...
USN-3641-1: Linux kernel vulnerabilities
Nick Peterson discovered that the Linux kernel did not properly handle debug exceptions following a MOV/POP to SS instruction. A local attacker could use this to cause a denial of service system crash. This issue only affected the amd64 architecture. CVE-2018-8897 Andy Lutomirski discovered that...