10832 matches found
USN-3570-1: AdvanceCOMP vulnerability
Joonun Jang discovered that AdvanceCOMP incorrectly handled certain malformed zip files. If a user or automated system were tricked into processing a specially crafted zip file, a remote attacker could cause AdvanceCOMP to crash, resulting in a denial of service, or possibly execute arbitrary cod...
USN-3569-1: libvorbis vulnerabilities
It was discovered that libvorbis incorrectly handled certain sound files. An attacker could possibly use this to execute arbitrary code. CVE-2017-14632 It was discovered that libvorbis incorrectly handled certain sound files. An attacker could use this to cause a denial of service. CVE-2017-14633...
USN-3544-2: Firefox regressions
USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. I...
USN-3568-1: WavPack vulnerabilities
Hanno Böck discovered that WavPack incorrectly handled certain WV files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-10169 Joonun Jang discovered that WavPack incorrectly handled certain RF64 files. An...
USN-3567-1: Puppet vulnerability
It was discovered that Puppet incorrectly handled permissions when unpacking certain tarballs. A local user could possibly use this issue to execute arbitrary code...
USN-3566-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting XSS attacks. CVE-2018-5712 It was discovered that PHP incorrectly handled memory when unserializing certain data. A remote attacker could use thi...
USN-3565-1: Exim vulnerability
Meh Chang discovered that Exim incorrectly handled memory in certain decoding operations. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-3564-1: PostgreSQL vulnerability
It was discovered that PostgreSQL incorrectly handled certain temp files. An attacker could possibly use this to access sensitive information...
USN-3563-1: Mailman vulnerability
It was discovered that Mailman incorrectly handled certain web scripts. An attacker could possibly use this to inject arbitrary code...
USN-3562-1: MiniUPnP vulnerabilities
It was discovered that MiniUPnP incorrectly handled memory. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library...
USN-3561-1: libvirt update
It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This...
USN-3560-1: QEMU update
It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This...
USN-3559-1: Django vulnerabilities
It was discovered that Django incorrectly handled certain requests. An attacker could possibly use this to access sensitive information. CVE-2017-12794, CVE-2018-6188...
USN-3558-1: systemd vulnerabilities
Karim Hossen & Thomas Imbert and Nelson William Gamazo Sanchez independently discovered that systemd-resolved incorrectly handled certain DNS responses. A remote attacker could possibly use this issue to cause systemd to temporarily stop responding, resulting in a denial of service. This issue on...
USN-3557-1: Squid vulnerabilities
Mathias Fischer discovered that Squid incorrectly handled certain long strings in headers. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. CVE-2016-2569 William Lima discovered that Squid incorrect...
USN-3550-2: ClamAV vulnerabilities
USN-3550-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing certain mail messages. A remote attacker could use this issue to cause ClamAV to crash,...
USN-3556-2: Dovecot vulnerabilities
USN-3556-1 fixed vulnerabilities in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled certain authentications. An attacker could possibly use this to bypass authentication and access sensitive information. CVE-2013-6171...
USN-3556-1: Dovecot vulnerability
It was discovered that Dovecot incorrectly handled certain authentications. An attacker could possibly use this to cause a denial of service...
USN-3555-2: w3m vulnerabilities
USN-3555-2 fixed vulnerabilities in w3m. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that w3m incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. CVE-2018-6196, CVE-2018-6197 It...
USN-3555-1: w3m vulnerabilities
It was discovered that w3m incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. CVE-2018-6196, CVE-2018-6197 It was discovered that w3m incorrectly handled temporary files. An attacker could possibly use this to overwrite arbitrary files...
USN-3554-2: curl vulnerability
USN-3554-1 fixed vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that curl could accidentally leak authentication data. An attacker could possibly use this to get access to sensitive information...
USN-3554-1: curl vulnerabilities
It was discovered that curl incorrectly handled certain data. An attacker could possibly use this to cause a denial of service or even to get access to sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. It was discovered that curl could accidentally leak authentication...
USN-3552-1: Firefox vulnerability
Johann Hofmann discovered that HTML fragments created for chrome-privileged documents were not properly sanitized. An attacker could exploit this to execute arbitrary code. CVE-2018-5124...
USN-3553-1: Ruby vulnerabilities
It was discovered that Ruby failed to validate specification names. An attacker could possibly use a maliciously crafted gem to potentially overwrite any file on the filesystem. CVE-2017-0901 It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability. An attacker could use this t...
USN-3551-1: WebKitGTK+ vulnerabilities
Multiple security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the user interface, or execute arbitrary code. CVE-2018-4088,...
USN-3550-1: ClamAV vulnerabilities
It was discovered that ClamAV incorrectly handled parsing certain mail messages. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2017-12374, CVE-2017-12375, CVE-2017-12379, CVE-2017-12380 It was discovered...
USN-3529-1: Thunderbird vulnerabilities
It was discovered that a From address encoded with a null character is cut off in the message header display. An attacker could potentially exploit this to spoof the sender address. CVE-2017-7829 It was discovered that it is possible to execute JavaScript in RSS feeds in some circumstances. If a...
USN-3549-1: Linux kernel (KVM) vulnerabilities
Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. CVE-2017-5715,...
USN-3548-2: Linux kernel (HWE) vulnerability
USN-3548-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jay Vosburgh discovered a logic error in the x86-64 syscall entry implementation in the Linux...
USN-3548-1: Linux kernel vulnerability
Jay Vosburgh discovered a logic error in the x86-64 syscall entry implementation in the Linux kernel, introduced as part of the mitigations for the Spectre vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code...
USN-3547-1: Libtasn1 vulnerabilities
It was discovered that Libtasn1 incorrectly handled certain files. If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2017-10790 It was discovered that Libtasn1...
USN-3537-2: MySQL vulnerabilities
USN-3537-1 fixed vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.59 in...
USN-3544-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, spoof the origin in audio capture prompts, trick the user in to providing HTTP...
USN-3546-1: gcab vulnerability
Richard Hughes discovered that gcab incorrectly handled certain malformed cabinet files. If a user or automated system were tricked into opening a specially crafted cabinet file, a remote attacker could use this issue to cause gcab to crash, resulting in a denial of service, or possibly execute...
USN-3543-2: rsync vulnerabilities
USN-3543-1 fixed vulnerabilities in rsync. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that rsync incorrectly handled certain data input. An attacker could possibly use this to cause a denial of service or execute arbitrary code...
USN-3543-1: rsync vulnerabilities
It was discovered that rsync incorrectly handled certain data input. An attacker could possibly use this to cause a denial of service or execute arbitrary code. CVE-2017-16548 It was discovered that rsync incorrectly parsed certain arguments. An attacker could possibly use this to bypass argument...
USN-3542-2: Linux kernel (Trusty HWE) vulnerabilities
USN-3542-1 addressed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered that microprocessors utilizing speculative execution and bran...
USN-3541-2: Linux kernel (HWE) vulnerabilities
USN-3541-1 addressed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and branch...
USN-3542-1: Linux kernel vulnerabilities
Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provide...
USN-3540-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3540-1 addressed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and bran...
USN-3541-1: Linux kernel vulnerabilities
Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provide...
USN-3540-1: Linux kernel vulnerabilities
Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provide...
USN-3539-1: GIMP vulnerabilities
It was discovered that GIMP incorrectly handled certain images. If a user were tricked into opening a specially crafted image, an attacker could possibly use this to execute arbitrary code. CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787, CVE-2017-17788, CVE-2017-17789...
USN-3538-1: OpenSSH vulnerabilities
Jann Horn discovered that OpenSSH incorrectly loaded PKCS11 modules from untrusted directories. A remote attacker could possibly use this issue to execute arbitrary PKCS11 modules. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-10009 Jann Horn discovered that OpenSSH...
USN-3537-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.59 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, and Ubuntu 17.10 have been updated to MySQL 5.7.21. In addition to security fixes, the updated packag...
USN-3531-2: Intel Microcode regression
USN-3531-1 updated Intel microcode to the 20180108 release. Regressions were discovered in the microcode updates which could cause system instability on certain hardware platforms. At the request of Intel, we have reverted to the previous packaged microcode version, the 20170707 release. Original...
USN-3535-2: Bind vulnerability
USN-3535-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Jayachandran Palanisamy discovered that the Bind resolver incorrectly handled fetch cleanup sequencing. A remote attacker could possibly use this issue to cause...
USN-3536-1: GNU C Library vulnerability
It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd2 syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges. CVE-2018-1000001...
USN-3534-1: GNU C Library vulnerabilities
It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd2 syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges. CVE-2018-1000001 A memory leak was...
USN-3535-1: Bind vulnerability
Jayachandran Palanisamy discovered that the Bind resolver incorrectly handled fetch cleanup sequencing. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service...