10923 matches found
USN-3602-1: LibTIFF vulnerabilities
It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges...
USN-3601-1: Memcached vulnerability
It was discovered that Memcached incorrectly handled reusing certain items. A remote attacker could possibly use this issue to cause Memcached to crash, resulting in a denial of service...
USN-3600-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain stream metadata. A remote attacker could possibly use this issue to set arbitrary metadata. This issue only affected Ubuntu 14.04 LTS. CVE-2016-10712 It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker...
USN-3599-1: Firefox vulnerability
An out-of-bounds write was discovered when processing Vorbis audio data. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. CVE-2018-5146...
USN-3598-1: curl vulnerabilities
Phan Thanh discovered that curl incorrectly handled certain FTP paths. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2018-1000120 Dario Weisser discovered that curl incorrectly handled certain LDAP URLs. An attacker could possibly use this issue t...
USN-3597-2: Linux kernel (HWE) vulnerabilities
USN-3597-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. USNS 3541-2 and 3523-2 provided mitigations for Spectre and Meltdown CVE-2017-5715,...
USN-3597-1: Linux kernel vulnerabilities
USNS 3541-1 and 3523-1 provided mitigations for Spectre and Meltdown CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 for the i386, amd64, and ppc64el architectures in Ubuntu 17.10. This update provides the corresponding mitigations for the arm64 architecture. Original advisory details: Jann Horn...
USN-3596-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain...
USN-3595-1: Samba vulnerabilities
Björn Baumbach discovered that Samba incorrectly validated permissions when changing account passwords via LDAP. An authenticated attacker could use this issue to change the password of other users, including administrators, and perform actions as those users. CVE-2018-1057 It was discovered that...
USN-3594-1: Linux kernel vulnerability
USN-3542-1 mitigated CVE-2017-5715 Spectre Variant 2 for the amd64 architecture in Ubuntu 14.04 LTS. This update provides the compiler-based retpoline kernel mitigation for the amd64 and i386 architectures. Original advisory details: Jann Horn discovered that microprocessors utilizing speculative...
USN-3592-2: ClamAV vulnerabilities
USN-3592-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to crash, resultin...
USN-3593-1: Zsh vulnerabilities
It was discovered that Zsh incorrectly handled certain enviroment variables. An attacker could possibly use this issue to gain privileged access to the system. This issue only affected Ubuntu 14.04 LTS. CVE-2014-10070 It was discovered that Zsh incorrectly handled certain inputs. An attacker coul...
USN-3592-1: ClamAV vulnerabilities
It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2018-0202 Hanno Böck discovered that ClamAV incorrectly handled parsing certain X...
USN-3579-3: LibreOffice regression
USN-3579-1 fixed a vulnerability in LibreOffice. After upgrading, it was no longer possible for LibreOffice to open documents from certain locations outside of the user's home directory. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovere...
USN-3591-1: Django vulnerabilities
James Davis discovered that Django incorrectly handled certain template filters. A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service...
USN-3590-1: Irssi vulnerabilities
It was discovered that Irssi incorrectly handled certain empty nick names. An attacker could possibly use this issue to cause a denial of service. CVE-2018-7050 It was discovered that Irssi incorrectly handled certain nick names. An attacker could possibly use this to access sensitive information...
USN-3589-1: PostgreSQL vulnerability
It was discovered that PostgreSQL incorrectly handled certain settings. An attacker could possibly use this issue to execute arbitrary code...
USN-3585-1: Twisted vulnerability
It was discovered that Twisted incorrectly handled certain HTTP requests. An attacker could possibly use this issue to execute arbitrary code...
USN-3588-1: Memcached vulnerabilities
Daniel Shapira discovered an integer overflow issue in Memcached. A remote attacker could use this to cause a denial of service daemon crash. CVE-2017-9951 It was discovered that Memcached listened to UDP by default. A remote attacker could use this as part of a distributed denial of service...
USN-3587-1: Dovecot vulnerabilities
It was discovered that Dovecot incorrectly handled parsing certain email addresses. A remote attacker could use this issue to cause Dovecot to crash, resulting in a denial of service, or possibly obtain sensitive information. CVE-2017-14461 It was discovered that Dovecot incorrectly handled TLS S...
USN-3575-2: QEMU regression
USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 caused a regression in Xen environments. This update removes the problematic fix pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that QEMU incorrectly handled guest...
USN-3586-1: DHCP vulnerabilities
Konstantin Orekhov discovered that the DHCP server incorrectly handled a large number of concurrent TCP sessions. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-2774 It was discovered that the...
USN-3579-2: LibreOffice regression
USN-3579-1 fixed a vulnerability in LibreOffice. After upgrading, it was no longer possible for LibreOffice to open documents from certain locations outside of the user's home directory. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovere...
USN-3584-1: sensible-utils vulnerability
Gabriel Corona discovered that sensible-utils incorrectly validated strings when launcher a browser with the sensible-browser tool. A remote attacker could possibly use this issue with a specially crafted URL to conduct an argument injection attack and execute arbitrary code...
USN-3583-2: Linux kernel (Trusty HWE) vulnerabilities
USN-3583-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that an out-of-bounds write vulnerability existed in the...
USN-3583-1: Linux kernel vulnerabilities
It was discovered that an out-of-bounds write vulnerability existed in the Flash-Friendly File System f2fs in the Linux kernel. An attacker could construct a malicious file system that, when mounted, could cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-0750 It...
USN-3581-3: Linux kernel (Raspberry Pi 2) vulnerabilities
Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2017-17712 ChunYu Wang discovered that a...
USN-3582-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3582-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel...
USN-3582-1: Linux kernel vulnerabilities
Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2017-17712 Laurent Guerby discovered that...
USN-3581-2: Linux kernel (HWE) vulnerabilities
USN-3581-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contain...
USN-3581-1: Linux kernel vulnerabilities
Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2017-17712 ChunYu Wang discovered that a...
USN-3578-1: WavPack vulnerabilities
It was discovered that WavPack incorrectly handled certain DSDIFF files. An attacker could possibly use this to execute arbitrary code or cause a denial of service. CVE-2018-7253 It was discovered that WavPack incorrectly handled certain CAF files. An attacker could possibly use this to cause a...
USN-3580-1: Linux kernel vulnerabilities
Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory...
USN-3579-1: LibreOffice vulnerability
It was discovered that =WEBSERVICE calls in a document could be used to read arbitrary files. If a user were tricked in to opening a specially crafted document, a remote attacker could exploit this to obtain sensitive information. CVE-2018-6871...
USN-3577-1: CUPS vulnerability
Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could potentially exploit this to obtain sensitive information...
USN-3576-1: libvirt vulnerabilities
Vivian Zhang and Christoph Anton Mitterer discovered that libvirt incorrectly disabled password authentication when the VNC password was set to an empty string. A remote attacker could possibly use this issue to bypass authentication, contrary to expectations. This issue only affected Ubuntu 14.0...
USN-3575-1: QEMU vulnerabilities
It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2017-11334 David Buchanan discovered that QEMU...
USN-3574-1: Bind vulnerability
It was discovered that Bind incorrectly handled DNSSEC validation. An attacker could possibly use this to cause a denial of service...
USN-3573-1: Quagga vulnerabilities
It was discovered that a double-free vulnerability existed in the Quagga BGP daemon when processing certain forms of UPDATE message. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2018-5379 It was discovered that the Quagga BGP daemon did not...
USN-3572-1: FreeType vulnerability
It was discovered that FreeType incorrectly handled certain files. An attacker could possibly use this to cause a denial of service...
USN-3571-1: Erlang vulnerabilities
It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. CVE-2014-1693 It was discovered that Erlang incorrectly checked CBC padding bytes. ...
USN-3570-1: AdvanceCOMP vulnerability
Joonun Jang discovered that AdvanceCOMP incorrectly handled certain malformed zip files. If a user or automated system were tricked into processing a specially crafted zip file, a remote attacker could cause AdvanceCOMP to crash, resulting in a denial of service, or possibly execute arbitrary cod...
USN-3569-1: libvorbis vulnerabilities
It was discovered that libvorbis incorrectly handled certain sound files. An attacker could possibly use this to execute arbitrary code. CVE-2017-14632 It was discovered that libvorbis incorrectly handled certain sound files. An attacker could use this to cause a denial of service. CVE-2017-14633...
USN-3544-2: Firefox regressions
USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. I...
USN-3568-1: WavPack vulnerabilities
Hanno Böck discovered that WavPack incorrectly handled certain WV files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-10169 Joonun Jang discovered that WavPack incorrectly handled certain RF64 files. An...
USN-3567-1: Puppet vulnerability
It was discovered that Puppet incorrectly handled permissions when unpacking certain tarballs. A local user could possibly use this issue to execute arbitrary code...
USN-3566-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting XSS attacks. CVE-2018-5712 It was discovered that PHP incorrectly handled memory when unserializing certain data. A remote attacker could use thi...
USN-3565-1: Exim vulnerability
Meh Chang discovered that Exim incorrectly handled memory in certain decoding operations. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-3564-1: PostgreSQL vulnerability
It was discovered that PostgreSQL incorrectly handled certain temp files. An attacker could possibly use this to access sensitive information...
USN-3563-1: Mailman vulnerability
It was discovered that Mailman incorrectly handled certain web scripts. An attacker could possibly use this to inject arbitrary code...