10832 matches found

Ubuntu • added 2016/05/05 1:37 a.m. • 93 views

USN-2963-1: OpenJDK 8 vulnerabilities

Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. CVE-2016-0686, CVE-2016-0687,...

CVSS: 10 | AI score: 7.5 | EPSS: 0.92334 | Exploits: 1

Ubuntu • added 2016/05/04 7:36 p.m. • 39 views

USN-2961-1: Little CMS vulnerability

It was discovered that a double free could occur when the intent handling code in the Little CMS library detected an error. An attacker could use this to specially craft a file that caused an application using the Little CMS library to crash or possibly execute arbitrary code...

CVSS: 10 | AI score: 8.8 | EPSS: 0.0623 | Exploits: 0

Ubuntu • added 2016/05/04 6:44 p.m. • 96 views

USN-2950-3: Samba regressions

USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Backported regression fixes were adde...

AI score: 7.1 | Exploits: 0 | References: 1

Ubuntu • added 2016/05/04 6:34 p.m. • 80 views

USN-2950-2: libsoup update

USN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages introduced a compatibility issue with NTLM authentication in libsoup. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jouni Knuutinen discovered that Samba contained multiple flaws ...

AI score: 7.1 | Exploits: 0 | References: 1

Ubuntu • added 2016/05/03 2:49 p.m. • 103 views

USN-2959-1: OpenSSL vulnerabilities

Huzaifa Sidhpurwala, Hanno Böck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2108) Juraj...

CVSS: 10 | AI score: 8.1 | EPSS: 0.89058 | Exploits: 7

Ubuntu • added 2016/05/02 8:19 p.m. • 54 views

USN-2936-2: Oxygen-GTK3 update

USN-2936-1 fixed vulnerabilities in Firefox. The update caused Firefox to crash on startup with the Oxygen GTK theme due to a pre-existing bug in the Oxygen-GTK3 theme engine. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler, Tyson...

AI score: 8 | Exploits: 0 | References: 1

Ubuntu • added 2016/05/02 6:31 p.m. • 56 views

USN-2957-2: Libtasn1 vulnerability

USN-2957-1 fixed a vulnerability in Libtasn1. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue...

CVSS: 5.9 | AI score: 6.6 | EPSS: 0.29572 | Exploits: 0

Ubuntu • added 2016/05/02 4:58 p.m. • 54 views

USN-2958-1: poppler vulnerabilities

It was discovered that the poppler pdfseparate tool incorrectly handled certain filenames. A local attacker could use this issue to cause the tool to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS. CVE-2013-4473,...

CVSS: 9.3 | AI score: 7.8 | EPSS: 0.10483 | Exploits: 1

Ubuntu • added 2016/05/02 4:46 p.m. • 58 views

USN-2957-1: Libtasn1 vulnerability

Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause applications using Libtasn1 to hang, resulting in a denial of service...

CVSS: 5.9 | AI score: 6.6 | EPSS: 0.29572 | Exploits: 0

Ubuntu • added 2016/04/29 5:21 p.m. • 113 views

USN-2956-1: ubuntu-core-launcher vulnerability

Zygmunt Krynicki discovered that ubuntu-core-launcher did not properly sanitize its input and contained a logic error when determining the mountpoint of bind mounts when using snaps on Ubuntu classic systems (e.g., traditional desktop and server). If a user were tricked into installing a malicious sn...

CVSS: 10 | AI score: 8.5 | EPSS: 0.03485 | Exploits: 0

Ubuntu • added 2016/04/27 10:32 p.m. • 87 views

USN-2934-1: Thunderbird vulnerabilities

Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denia...

CVSS: 9.3 | AI score: 8.2 | EPSS: 0.31046 | Exploits: 9

Ubuntu • added 2016/04/27 9:10 p.m. • 62 views

USN-2955-1: Oxide vulnerabilities

A use-after-free was discovered when responding synchronously to permission requests. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2016-1578) An out-of-bounds read...

CVSS: 10 | AI score: 8.5 | EPSS: 0.45298 | Exploits: 1 | References: 1

Ubuntu • added 2016/04/27 4:39 p.m. • 105 views

USN-2952-2: PHP regression

USN-2952-1 fixed vulnerabilities in PHP. One of the backported patches caused a regression in the PHP Soap client. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the PHP Zip extension incorrectly handled directories when...

AI score: 7.7 | Exploits: 0 | References: 1

Ubuntu • added 2016/04/27 12:24 p.m. • 65 views

USN-2936-1: Firefox vulnerabilities

Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman, Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup, Andrew McCreight, and Steve Fink discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website...

CVSS: 10 | AI score: 7.9 | EPSS: 0.04841 | Exploits: 0

Ubuntu • added 2016/04/25 12:20 p.m. • 73 views

USN-2954-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.12 in Ubuntu 16.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes...

CVSS: 10 | AI score: 7 | EPSS: 0.10226 | Exploits: 0

Ubuntu • added 2016/04/21 3:51 p.m. • 111 views

USN-2953-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.49 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.10 has been updated to MySQL 5.6.30. In addition to security fixes, the updated packages...

CVSS: 10 | AI score: 6.4 | EPSS: 0.10226 | Exploits: 0

Ubuntu • added 2016/04/21 3:16 p.m. • 94 views

USN-2952-1: PHP vulnerabilities

It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. (CVE-2014-9767) It was discovered that the PHP Soap client incorrectly validated data types. A remote...

CVSS: 10 | AI score: 7.7 | EPSS: 0.35438 | Exploits: 4

Ubuntu • added 2016/04/19 2:24 p.m. • 70 views

USN-2917-3: Firefox regressions

USN-2917-1 fixed vulnerabilities in Firefox. This update caused several web compatibility regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked in...

AI score: 8.2 | Exploits: 0 | References: 1

Ubuntu • added 2016/04/18 12:25 p.m. • 51 views

USN-2951-1: OptiPNG vulnerabilities

Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service. (CVE-2015-7801) Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote...

CVSS: 9.3 | AI score: 7 | EPSS: 0.05383 | Exploits: 3

Ubuntu • added 2016/04/18 12:16 p.m. • 72 views

USN-2950-1: Samba vulnerabilities

Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a machine-in-the-middle attack, or possibly execute arbitrary code. (CVE-2015-5370) Stefan...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.37043 | Exploits: 0

Ubuntu • added 2016/04/11 7:32 p.m. • 86 views

USN-2948-2: Linux kernel (Utopic HWE) regression

USN-2948-1 fixed vulnerabilities in the Ubuntu 14.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect reference counting fix in the radeon driver introduced a regression that could cause a system crash. This update fixes the problem. We apologize for the inconvenience. Original advisory...

AI score: 7.1 | Exploits: 0 | References: 1

Ubuntu • added 2016/04/07 10:00 p.m. • 82 views

USN-2917-2: Firefox regressions

USN-2917-1 fixed vulnerabilities in Firefox. This update caused several regressions that could result in search engine settings being lost, the list of search providers appearing empty or the location bar breaking after typing an invalid URL. This update fixes the problem. We apologize for the...

AI score: 8.2 | Exploits: 0 | References: 1

Ubuntu • added 2016/04/06 7:53 a.m. • 70 views

USN-2949-1: Linux kernel (Vivid HWE) vulnerabilities

Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8812) Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux...

CVSS: 10 | AI score: 7.4 | EPSS: 0.14281 | Exploits: 0

Ubuntu • added 2016/04/06 7:35 a.m. • 82 views

USN-2948-1: Linux kernel (Utopic HWE) vulnerabilities

Ralf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566) Ralf Spenneberg discovered that the usbvision driver in...

CVSS: 10 | AI score: 7.1 | EPSS: 0.14281 | Exploits: 11

Ubuntu • added 2016/04/06 7:10 a.m. • 81 views

USN-2947-3: Linux kernel (Raspberry Pi 2) vulnerabilities

Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly validate the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833) Venkatesh Pottem discovered a use-after-free...

CVSS: 10 | AI score: 7.1 | EPSS: 0.14281 | Exploits: 1

Ubuntu • added 2016/04/06 6:59 a.m. • 87 views

USN-2947-2: Linux kernel (Wily HWE) vulnerabilities

Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly validate the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833) Venkatesh Pottem discovered a use-after-free...

CVSS: 10 | AI score: 7.1 | EPSS: 0.14281 | Exploits: 1

Ubuntu • added 2016/04/06 6:49 a.m. • 82 views

USN-2947-1: Linux kernel vulnerabilities

Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly validate the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833) Venkatesh Pottem discovered a use-after-free...

CVSS: 10 | AI score: 7.1 | EPSS: 0.14281 | Exploits: 1

Ubuntu • added 2016/04/06 6:39 a.m. • 79 views

USN-2946-2: Linux kernel (Trusty HWE) vulnerabilities

Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8812) Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux...

CVSS: 10 | AI score: 7.4 | EPSS: 0.14281 | Exploits: 0

Ubuntu • added 2016/04/06 6:38 a.m. • 70 views

USN-2946-1: Linux kernel vulnerabilities

Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8812) Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux...

CVSS: 10 | AI score: 7.4 | EPSS: 0.14281 | Exploits: 0

Ubuntu • added 2016/04/04 6:12 p.m. • 34 views

USN-2945-1: XChat-GNOME vulnerability

It was discovered that XChat-GNOME incorrectly verified the hostname in an SSL certificate. An attacker could trick XChat-GNOME into trusting a rogue server's certificate, which was signed by a trusted certificate authority, to perform a machine-in-the-middle attack...

AI score: 5.5 | Exploits: 0 | References: 1

Ubuntu • added 2016/04/04 6:05 p.m. • 82 views

USN-2944-1: Libav vulnerabilities

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.14621 | Exploits: 3

Ubuntu • added 2016/03/29 5:10 p.m. • 113 views

USN-2943-1: PCRE vulnerabilities

It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.09157 | Exploits: 11

Ubuntu • added 2016/03/24 10:52 p.m. • 58 views

USN-2942-1: OpenJDK 7 vulnerability

A vulnerability was discovered in the JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code...

CVSS: 9.3 | AI score: 8 | EPSS: 0.05765 | Exploits: 0

Ubuntu • added 2016/03/24 12:51 p.m. • 63 views

USN-2941-1: Quagga vulnerabilities

Kostya Kortchinsky discovered that Quagga incorrectly handled certain route data when configured with BGP peers enabled for VPNv4. A remote attacker could use this issue to cause Quagga to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2342) It was discovered...

CVSS: 8.1 | AI score: 7.5 | EPSS: 0.1211 | Exploits: 0

Ubuntu • added 2016/03/23 7:09 p.m. • 58 views

USN-2939-1: LibTIFF vulnerabilities

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges...

CVSS: 6.5 | AI score: 7.4 | EPSS: 0.04012 | Exploits: 0

Ubuntu • added 2016/03/21 7:28 p.m. • 53 views

USN-2938-1: Git vulnerabilities

Laël Cellier discovered that Git incorrectly handled path strings in crafted Git repositories. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking Git. CVE-2016-2315, CVE-2016-2324...

CVSS: 10 | AI score: 8.8 | EPSS: 0.18808 | Exploits: 0

Ubuntu • added 2016/03/21 6:05 p.m. • 72 views

USN-2937-1: WebKitGTK+ vulnerabilities

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

CVSS: 6.8 | AI score: 7.3 | EPSS: 0.10946 | Exploits: 2

Ubuntu • added 2016/03/17 8:37 p.m. • 80 views

USN-2935-3: PAM regression

USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. USN-2935-2 intended to fix the problem but was incomplete for Ubuntu 12.04 LTS. This update fixes the problem in Ubuntu 12.04 LTS. We apologize for the...

AI score: 6.6 | Exploits: 0 | References: 2

Ubuntu • added 2016/03/16 6:43 p.m. • 58 views

USN-2935-2: PAM regression

USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the PAM pam_userdb module incorrectly us...

AI score: 6.6 | Exploits: 0 | References: 1

Ubuntu • added 2016/03/16 1:45 p.m. • 67 views

USN-2935-1: PAM vulnerabilities

It was discovered that the PAM pam_userdb module incorrectly used a case-insensitive method when comparing hashed passwords. A local attacker could possibly use this issue to make brute force attacks easier. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2013-7041) Sebastian...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.04087 | Exploits: 3

Ubuntu • added 2016/03/16 1:39 p.m. • 66 views

USN-2930-3: Linux kernel (Raspberry Pi 2) vulnerabilities

Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges...

CVSS: 8.4 | AI score: 7.1 | EPSS: 0.03723 | Exploits: 21

Ubuntu • added 2016/03/15 12:28 p.m. • 69 views

USN-2933-1: Exim vulnerabilities

It was discovered that Exim incorrectly filtered environment variables when used with the perl_startup configuration option. If the perl_startup option was enabled, a local attacker could use this issue to escalate their privileges to the root user. This issue has been fixed by having Exim clean th...

CVSS: 7 | AI score: 7.4 | EPSS: 0.05901 | Exploits: 13

Ubuntu • added 2016/03/14 5:20 p.m. • 84 views

USN-2932-1: Linux kernel (Vivid HWE) vulnerabilities

Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges...

CVSS: 8.4 | AI score: 7.2 | EPSS: 0.03723 | Exploits: 22

Ubuntu • added 2016/03/14 5:10 p.m. • 83 views

USN-2929-1: Linux kernel vulnerabilities

Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges...

CVSS: 8.4 | AI score: 7 | EPSS: 0.03723 | Exploits: 22

Ubuntu • added 2016/03/14 5:08 p.m. • 98 views

USN-2929-2: Linux kernel (Trusty HWE) vulnerabilities

Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges...

CVSS: 8.4 | AI score: 7 | EPSS: 0.03723 | Exploits: 22

Ubuntu • added 2016/03/14 4:47 p.m. • 78 views

USN-2931-1: Linux kernel (Utopic HWE) vulnerabilities

Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges...

CVSS: 8.4 | AI score: 7.2 | EPSS: 0.03723 | Exploits: 11

Ubuntu • added 2016/03/14 4:34 p.m. • 88 views

USN-2930-2: Linux kernel (Wily HWE) vulnerabilities

Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges...

CVSS: 8.4 | AI score: 7.1 | EPSS: 0.03723 | Exploits: 21

Ubuntu • added 2016/03/14 4:23 p.m. • 74 views

USN-2930-1: Linux kernel vulnerabilities

Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges...

CVSS: 8.4 | AI score: 7.1 | EPSS: 0.03723 | Exploits: 21

Ubuntu • added 2016/03/14 3:43 p.m. • 70 views

USN-2928-2: Linux kernel (OMAP4) vulnerability

Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges...

CVSS: 4.9 | AI score: 6.5 | EPSS: 0.03723 | Exploits: 10

Ubuntu • added 2016/03/14 3:34 p.m. • 90 views

USN-2928-1: Linux kernel vulnerability

Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges...

CVSS: 4.9 | AI score: 6.5 | EPSS: 0.03723 | Exploits: 10

Total number of security vulnerabilities: 10832