Lucene search
K
UbuntuRecent

10923 matches found

Ubuntu
Ubuntu
•added 2017/02/27 6:4 p.m.•118 views

USN-3212-1: LibTIFF vulnerabilities

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges...

9.8CVSS7.7AI score0.13722EPSS
Exploits16
Ubuntu
Ubuntu
•added 2017/02/23 4:28 p.m.•94 views

USN-3211-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2016-7479 It was discovered that PHP incorrectly handled certain...

9.8CVSS8.1AI score0.41943EPSS
Exploits6
Ubuntu
Ubuntu
•added 2017/02/23 3:26 p.m.•89 views

USN-3210-1: LibreOffice vulnerability

Ben Hayak discovered that it was possible to make LibreOffice Calc and Writer disclose arbitrary files to an attacker if a user opened a specially crafted file with embedded links...

5.5CVSS6.2AI score0.03122EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/02/22 7:59 p.m.•43 views

USN-3142-2: ImageMagick regression

USN-3142-1 fixed vulnerabilities in ImageMagick. The security fixes introduced a regression with text labels and a regression with the text coder. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ImageMagick incorrectly handled...

5.7AI score
Exploits0References2
Ubuntu
Ubuntu
•added 2017/02/22 7:49 a.m.•79 views

USN-3209-1: Linux kernel vulnerabilities

It was discovered that the generic SCSI block layer in the Linux kernel did not properly restrict write operations in certain situations. A local attacker could use this to cause a denial of service system crash or possibly gain administrative privileges. CVE-2016-10088 Jim Mattson discovered tha...

7.8CVSS6.8AI score0.0596EPSS
Exploits13
Ubuntu
Ubuntu
•added 2017/02/22 7:34 a.m.•85 views

USN-3208-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3208-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the generic SCSI block layer in the Linux kernel did not proper...

8.4CVSS6.9AI score0.0596EPSS
Exploits13
Ubuntu
Ubuntu
•added 2017/02/22 7:26 a.m.•100 views

USN-3208-1: Linux kernel vulnerabilities

It was discovered that the generic SCSI block layer in the Linux kernel did not properly restrict write operations in certain situations. A local attacker could use this to cause a denial of service system crash or possibly gain administrative privileges. CVE-2016-10088 CAI Qian discovered that t...

8.4CVSS6.8AI score0.0596EPSS
Exploits13
Ubuntu
Ubuntu
•added 2017/02/22 12:42 a.m.•89 views

USN-3207-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3207-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that a use-after-free vulnerability existed in the block device laye...

9.3CVSS6.8AI score0.0596EPSS
Exploits14
Ubuntu
Ubuntu
•added 2017/02/22 12:33 a.m.•82 views

USN-3207-1: Linux kernel vulnerabilities

It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly gain administrative privileges. CVE-2016-7910 Dmitry Vyukov discovered a use-after-free vulnerability ...

9.3CVSS6.8AI score0.0596EPSS
Exploits14
Ubuntu
Ubuntu
•added 2017/02/22 12:10 a.m.•89 views

USN-3206-1: Linux kernel vulnerabilities

It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly gain administrative privileges. CVE-2016-7910 Dmitry Vyukov discovered a use-after-free vulnerability ...

9.3CVSS6.8AI score0.0596EPSS
Exploits14
Ubuntu
Ubuntu
•added 2017/02/21 5:47 p.m.•74 views

USN-3205-1: tcpdump vulnerabilities

It was discovered that tcpdump incorrectly handled certain packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the tcpdump AppArmor profile...

9.8CVSS7.9AI score0.06196EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/02/20 6:0 p.m.•53 views

USN-3204-1: Tomcat vulnerability

It was discovered that Tomcat incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to cause Tomcat to consume resources, resulting in a denial of service...

7.5CVSS7.4AI score0.07486EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/02/20 5:59 p.m.•60 views

USN-3203-1: gtk-vnc vulnerabilities

It was discovered that gtk-vnc incorrectly validated certain data. A malicious server could use this issue to cause gtk-vnc to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS7.4AI score0.04985EPSS
Exploits2
Ubuntu
Ubuntu
•added 2017/02/20 5:46 p.m.•61 views

USN-3202-1: Spice vulnerabilities

Frediano Ziglio discovered that Spice incorrectly handled certain client messages. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code...

8.8CVSS8AI score0.03844EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/02/17 5:34 p.m.•74 views

USN-3199-2: Python Crypto regression

USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python Cryptography Toolkit which was altered when fixing the vulnerability. This update retains the fix for the vulnerability but issues a warning rather...

9.8CVSS9.1AI score0.09501EPSS
Exploits1
Ubuntu
Ubuntu
•added 2017/02/16 11:52 p.m.•82 views

USN-3199-1: Python Crypto vulnerability

It was discovered that the ALGnew function in blocktemplace.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability. A remote attacker could use this flaw to execute arbitrary code by using a crafted initialization vector parameter...

9.8CVSS9.1AI score0.09501EPSS
Exploits1
Ubuntu
Ubuntu
•added 2017/02/16 6:38 p.m.•61 views

USN-3201-1: Bind vulnerabilities

It was discovered that Bind incorrectly handled rewriting certain query responses when using both DNS64 and RPZ. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service...

7.5CVSS6.7AI score0.17108EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/02/16 6:31 p.m.•62 views

USN-3200-1: WebKitGTK+ vulnerabilities

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

8.8CVSS7.3AI score0.07043EPSS
Exploits21
Ubuntu
Ubuntu
•added 2017/02/16 2:22 a.m.•86 views

USN-3198-1: OpenJDK 6 vulnerabilities

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes...

9.6CVSS7.5AI score0.95707EPSS
Exploits12
Ubuntu
Ubuntu
•added 2017/02/15 6:0 p.m.•53 views

USN-3197-1: libgc vulnerability

Kuang-che Wu discovered that multiple integer overflow vulnerabilities existed in libgc. An attacker could use these to cause a denial of service application crash or possibly execute arbitrary code...

9.8CVSS8.1AI score0.0414EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/02/14 6:44 p.m.•127 views

USN-3196-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain arguments to the localegetdisplayname function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2014-9912 It was discovered that PHP incorrectly handled...

9.8CVSS8.1AI score0.42401EPSS
Exploits3
Ubuntu
Ubuntu
•added 2017/02/10 1:18 a.m.•59 views

USN-3195-1: Nova-LXD vulnerability

James Page discovered that Nova-LXD incorrectly set up virtual network devices when creating LXD instances. This could result in an unintended firewall configuration...

7.5CVSS7.2AI score0.0291EPSS
Exploits0References1
Ubuntu
Ubuntu
•added 2017/02/10 12:44 a.m.•81 views

USN-3190-2: Linux kernel (Raspberry Pi 2) vulnerabilities

Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon mcryptd in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service system crash. CVE-2016-10147 It was discovered that a...

10CVSS7.5AI score0.10177EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/02/09 5:50 p.m.•74 views

USN-3187-2: Linux kernel (OMAP4) vulnerabilities

Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service system crash. CVE-2016-9555 It was discovered that multiple memory leaks existed in the XFS implementation in...

10CVSS6.4AI score0.09144EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/02/09 5:44 a.m.•99 views

USN-3194-1: OpenJDK 7 vulnerabilities

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes...

9.6CVSS7.4AI score0.95707EPSS
Exploits13
Ubuntu
Ubuntu
•added 2017/02/08 11:50 p.m.•63 views

USN-3180-1: Oxide vulnerabilities

Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting XSS attacks, read uninitialized memory, obtain sensitive information, spoof the webview URL or other ...

8.8CVSS6.9AI score0.02099EPSS
Exploits4
Ubuntu
Ubuntu
•added 2017/02/06 11:18 p.m.•93 views

USN-3175-2: Firefox regression

USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple memory safety issues were discovered in...

7.5AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2017/02/06 6:48 p.m.•53 views

USN-3193-1: Nettle vulnerability

It was discovered that Nettle incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys...

7.5CVSS8.1AI score0.05007EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/02/06 6:42 p.m.•82 views

USN-3192-1: Squid vulnerabilities

Saulius Lapinskas discovered that Squid incorrectly handled processing HTTP conditional requests. A remote attacker could possibly use this issue to obtain sensitive information related to other clients' browsing sessions. CVE-2016-10002 Felix Hassert discovered that Squid incorrectly handled...

7.5CVSS6.6AI score0.06766EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/02/06 6:33 p.m.•66 views

USN-3191-1: WebKitGTK+ vulnerabilities

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

8.8CVSS6.8AI score0.02039EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/02/03 9:48 a.m.•90 views

USN-3190-1: Linux kernel vulnerabilities

Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon mcryptd in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service system crash. CVE-2016-10147 It was discovered that a...

10CVSS7.5AI score0.10177EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/02/03 9:34 a.m.•84 views

USN-3189-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3189-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon...

7.6CVSS6.7AI score0.02341EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/02/03 9:12 a.m.•66 views

USN-3189-1: Linux kernel vulnerabilities

Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon mcryptd in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service system crash. CVE-2016-10147 Qidan He discovered that the...

7.6CVSS6.6AI score0.02341EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/02/03 7:50 a.m.•75 views

USN-3188-2: Linux kernel (Trusty HWE) vulnerability

USN-3188-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperl...

10CVSS6.4AI score0.09144EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/02/03 7:40 a.m.•75 views

USN-3188-1: Linux kernel vulnerability

Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service system crash...

10CVSS6.5AI score0.09144EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/02/03 7:7 a.m.•72 views

USN-3187-1: Linux kernel vulnerabilities

Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service system crash. CVE-2016-9555 It was discovered that multiple memory leaks existed in the XFS implementation in...

10CVSS6.4AI score0.09144EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/02/02 2:2 p.m.•117 views

USN-3177-2: Tomcat regression

USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a regression in environments where Tomcat is started with a security manager. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the Tomcat realm implementations...

7.2AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2017/02/01 6:23 p.m.•52 views

USN-3186-1: iucode-tool vulnerability

It was discovered that iucode-tool incorrectly handled certain microcodes when using the -tr loader. If a user were tricked into processing a specially crafted microcode, a remote attacker could use this issue to cause iucode-tool to crash, resulting in a denial of service, or possibly execute...

9.8CVSS8.4AI score0.02999EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/02/01 6:15 p.m.•60 views

USN-3185-1: libXpm vulnerability

It was discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could use this issue to cause libXpm to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS8AI score0.07528EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/02/01 6:8 p.m.•60 views

USN-3184-1: Irssi vulnerabilities

It was discovered that the Irssi buf.pl script set incorrect permissions. A local attacker could use this issue to retrieve another user's window contents. CVE-2016-7553 Joseph Bisch discovered that Irssi incorrectly handled comparing nicks. A remote attacker could use this issue to cause Irssi t...

7.5CVSS7AI score0.05595EPSS
Exploits1
Ubuntu
Ubuntu
•added 2017/02/01 5:56 p.m.•85 views

USN-3183-1: GnuTLS vulnerabilities

Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. CVE-2016-7444 Shi Lei discovered that GnuTLS incorrectly...

9.8CVSS7.5AI score0.39657EPSS
Exploits1
Ubuntu
Ubuntu
•added 2017/02/01 4:7 p.m.•62 views

USN-3182-1: NTFS-3G vulnerability

Jann Horn discovered that NTFS-3G incorrectly filtered environment variables when using the modprobe utility. A local attacker could possibly use this issue to load arbitrary kernel modules...

7.8CVSS7.5AI score0.02277EPSS
Exploits9
Ubuntu
Ubuntu
•added 2017/01/31 6:3 p.m.•115 views

USN-3181-1: OpenSSL vulnerabilities

Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were...

9.8CVSS7.5AI score0.57595EPSS
Exploits2
Ubuntu
Ubuntu
•added 2017/01/28 12:9 a.m.•74 views

USN-3165-1: Thunderbird vulnerabilities

Multiple memory safety issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. CVE-2016-9893, CVE-2017-5373 Andrew Krasichkov...

9.8CVSS7.7AI score0.33199EPSS
Exploits26
Ubuntu
Ubuntu
•added 2017/01/27 9:57 p.m.•114 views

USN-3175-1: Firefox vulnerabilities

Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. CVE-2017-5373, CVE-2017-5374 JIT code allocation c...

9.8CVSS7.5AI score0.33199EPSS
Exploits22
Ubuntu
Ubuntu
•added 2017/01/25 9:5 p.m.•114 views

USN-3179-1: OpenJDK 8 vulnerabilities

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes...

9.6CVSS7.4AI score0.95707EPSS
Exploits13
Ubuntu
Ubuntu
•added 2017/01/24 8:2 p.m.•62 views

USN-3178-1: icoutils vulnerabilities

It was discovered that icoutils incorrectly handled memory when processing certain files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause icoutils to crash, resulting in a denial of service, or possibly execute arbitrary code...

8.8CVSS7.1AI score0.03591EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/01/23 6:24 p.m.•102 views

USN-3177-1: Tomcat vulnerabilities

It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-0762 Alvaro Muno...

9.8CVSS7.1AI score0.90338EPSS
Exploits12
Ubuntu
Ubuntu
•added 2017/01/23 5:59 p.m.•61 views

USN-3176-1: PCSC-Lite vulnerability

Peter Wu discovered that the PC/SC service did not correctly handle certain resources. A local attacker could use this issue to cause PC/SC to crash, resulting in a denial of service, or possibly execute arbitrary code with root privileges...

7.5CVSS7.7AI score0.04042EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/01/19 1:32 p.m.•91 views

USN-3174-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.54 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated to MySQL 5.7.17. In addition to security fixes...

6.8CVSS6.5AI score0.04792EPSS
Exploits1
Total number of security vulnerabilities10923