10832 matches found
USN-3399-1: cvs vulnerability
Hank Leininger discovered that cvs did not properly handle SSH for remote repositories. A remote attacker could use this to construct a cvs repository that when accessed could run arbitrary code with the privileges of the user...
USN-3398-1: graphite2 vulnerabilities
Holger Fuhrmannek and Tyson Smith discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially-crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or...
USN-3397-1: strongSwan vulnerability
It was discovered that strongSwan incorrectly handled verifying specific RSA signatures. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service...
USN-3396-1: OpenJDK 7 vulnerabilities
It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. CVE-2017-10053 It was discovered that the JAR verifier ...
USN-3391-3: Firefox regression
USN-3391-1 fixed vulnerabilities in Firefox. The update introduced a performance regression with WebExtensions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a...
USN-3393-2: ClamAV vulnerabilities
USN-3393-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause ClamAV to...
USN-3395-1: c-ares vulnerability
It was discovered that c-ares incorrectly handled certain NAPTR responses. A remote attacker could possibly use this issue to cause applications using c-ares to crash, resulting in a denial of service...
USN-3394-1: libmspack vulnerabilities
It was discovered that libmspack incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2017-6419 It was discovered that libmspack incorrectly handled certain...
USN-3393-1: ClamAV vulnerabilities
It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. CVE-2017-6418 It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote...
USN-3391-2: Ubufox update
USN-3391-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to...
USN-3392-1: Linux kernel regression
USN-3378-1 fixed vulnerabilities in the Linux kernel. Unfortunately, a regression was introduced that prevented conntrack from working correctly in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Fan Wu and Shixiong Zhao discovered a...
USN-3392-2: Linux kernel (Xenial HWE) regression
USN-3392-1 fixed a regression in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. USN-3378-2 fixed vulnerabilities in the Linux Hardware Enablement kernel. Unfortunately, ...
USN-3391-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting XSS attacks, bypass sandbox restrictions, obtain sensitive information, spoof the origin of modal...
USN-3390-1: PostgreSQL vulnerabilities
Ben de Graaff, Jelte Fennema, and Jeroen van der Ham discovered that PostgreSQL allowed the use of empty passwords in some authentication methods, contrary to expected behaviour. A remote attacker could use an empty password to authenticate to servers that were believed to have password login...
USN-3389-2: GD vulnerability
USN-3389-1 fixed a vulnerability in GD Graphics Library. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: A vulnerability was discovered in GD Graphics Library aka libgd, as used in PHP that does not zero colorMap arrays before use. A specially crafte...
USN-3389-1: GD vulnerability
A vulnerability was discovered in GD Graphics Library aka libgd, as used in PHP that does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read bytes from the top of the stack...
USN-3388-1: Subversion vulnerabilities
Joern Schneeweisz discovered that Subversion did not properly handle host names in 'svn+ssh://' URLs. A remote attacker could use this to construct a subversion repository that when accessed could run arbitrary code with the privileges of the user. CVE-2017-9800 Daniel Shahaf and James McCoy...
USN-3387-1: Git vulnerability
Brian Neel, Joern Schneeweisz, and Jeff King discovered that Git did not properly handle host names in 'ssh://' URLs. A remote attacker could use this to construct a git repository that when accessed could run arbitrary code with the privileges of the user...
USN-3385-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3385-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload UFO code...
USN-3386-2: Linux kernel (Trusty HWE) vulnerabilities
USN-3386-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload UFO code...
USN-3384-2: Linux kernel (HWE) vulnerabilities
USN-3384-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload UFO code in the...
USN-3386-1: Linux kernel vulnerabilities
Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload UFO code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. CVE-2017-1000112 Andrey Konovalov discovered a race condition in AFPACKET socket option handling code...
USN-3385-1: Linux kernel vulnerabilities
Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload UFO code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. CVE-2017-1000112 Andrey Konovalov discovered a race condition in AFPACKET socket option handling code...
USN-3384-1: Linux kernel vulnerabilities
Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload UFO code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. CVE-2017-1000112 Andrey Konovalov discovered a race condition in AFPACKET socket option handling code...
USN-3383-1: libsoup vulnerability
Aleksandar Nikolic discovered a stack based buffer overflow when handling chunked encoding. An attacker could use this to cause a denial of service or possibly execute arbitrary code...
USN-3382-1: PHP vulnerabilities
It was discovered that the PHP opcache created keys for files it cached based on their filepath. A local attacker could possibly use this issue in a shared hosting environment to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS. CVE-2015-8994 It was discovered that the PHP...
USN-3381-2: Linux kernel (Trusty HWE) vulnerabilities
USN-3381-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Peter Pi discovered that the colormap handling for frame buffer devices in the Linux...
USN-3381-1: Linux kernel vulnerabilities
Peter Pi discovered that the colormap handling for frame buffer devices in the Linux kernel contained an integer overflow. A local attacker could use this to disclose sensitive information kernel memory. CVE-2016-8405 It was discovered that the Linux kernel did not properly restrict RLIMITSTACK...
USN-3380-1: FreeRDP vulnerabilities
It was discovered that FreeRDP incorrectly handled certain width and height values. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. CVE-2014-0250 It was discovered...
USN-3379-1: Shotwell vulnerability
It was discovered that Shotwell is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission...
USN-3339-2: OpenVPN vulnerability
USN-3339-1 fixed several issues in OpenVPN. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Guido Vranken discovered that OpenVPN incorrectly handled an HTTP proxy with NTLM authentication. A remote attacker could use this issue to cause OpenVPN...
USN-3212-4: LibTIFF vulnerabilities
USN-3212-1 fixed several issues in LibTIFF. This update provides a subset of corresponding update for Ubuntu 12.04 ESM. Mei Wang discovered a multiple integer overflows in LibTIFF which allows remote attackers to cause a denial of service crash or execute arbitrary code via a crafted TIFF image,...
USN-3378-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3378-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs...
USN-3377-2: Linux kernel (HWE) vulnerabilities
USN-3377-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename...
USN-3378-1: Linux kernel vulnerabilities
Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2017-7533 It was discovered that the Linux kernel did n...
USN-3377-1: Linux kernel vulnerabilities
Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2017-7533 It was discovered that the Linux kernel did n...
USN-3376-1: WebKitGTK+ vulnerabilities
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-3375-1: LXC vulnerability
It was discovered that LXC incorrectly handled the TIOCSTI ioctl. An attacker could possibly use this issue to escape LXC containers...
USN-3370-2: Apache HTTP Server vulnerability
USN-3370-1 fixed a vulnerability in Apache HTTP Server. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Robert Święcki discovered that the Apache HTTP Server modauthdigest module incorrectly cleared values when processing certain requests. A remote...
USN-3294-2: Bash vulnerability
USN-3294-1 fixed a vulnerability in Bash. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Bash incorrectly handled the SHELLOPTS and PS4 environment variables. A local attacker could use this issue to execute arbitrary code wit...
USN-3366-2: OpenJDK 8 regression
USN-3366-1 fixed vulnerabilities in OpenJDK 8. Unfortunately, that update introduced a regression that caused some valid JAR files to fail validation. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the JPEGImageReader class in...
USN-3374-1: RabbitMQ vulnerability
It was discovered that RabbitMQ incorrectly handled MQTT MQ Telemetry Transport authentication. A remote attacker could use this issue to authenticate successfully with an existing username by omitting the password...
USN-3363-2: ImageMagick regression
USN-3363-1 fixed vulnerabilities in ImageMagick. The update caused a regression for certain users when processing images. The problematic patch has been reverted pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that ImageMagick...
USN-3373-1: Apache HTTP Server vulnerabilities
Emmanuel Dreyfus discovered that third-party modules using the apgetbasicauthpw function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new apgetbasicauthcomponents function for use by third-party modules. CVE-2017-3167 Vasileios...
USN-3372-1: NSS vulnerability
It was discovered that NSS incorrectly handled certain empty SSLv2 messages. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. CVE-2017-7502 Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable t...
USN-3371-1: Linux kernel (HWE) kernel vulnerabilities
It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information kernel memory. CVE-2014-9900 Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture ALSA subsystem i...
USN-3370-1: Apache HTTP Server vulnerability
Robert Święcki discovered that the Apache HTTP Server modauthdigest module incorrectly cleared values when processing certain requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial or service, or possibly obtain sensitive information...
USN-3369-1: FreeRADIUS vulnerabilities
Guido Vranken discovered that FreeRADIUS incorrectly handled memory when decoding packets. A remote attacker could use this issue to cause FreeRADIUS to crash or hang, resulting in a denial of service, or possibly execute arbitrary code...
USN-3366-1: OpenJDK 8 vulnerabilities
It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. CVE-2017-10053 It was discovered that the JAR verifier ...
USN-3368-1: libiberty vulnerabilities
It was discovered that libiberty incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrar...