USN-2767-1: GDK-PixBuf vulnerabilities
Gustavo Grieco discovered that the GDK-PixBuf library did not properly handle scaling tga image files, leading to a heap overflow. If a user or automated system were tricked into opening a tga image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of...
USN-2766-1: Spice vulnerabilities
Frediano Ziglio discovered multiple buffer overflows, undefined behavior signed integer operations, race conditions, memory leaks, and denial of service issues in Spice. A malicious guest operating system could potentially exploit these issues to escape virtualization. CVE-2015-5260, CVE-2015-526...
USN-2753-3: LXC regression
USN-2753-1 fixed a vulnerability in LXC. The update caused a regression that prevented some containers from starting. This regression only affected containers that had a path that contained a '/./' directory specified as a bind mount target in their configuration file. This update fixes the...
USN-2765-1: Linux kernel (Vivid HWE) vulnerability
Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash)...
USN-2764-1: Linux kernel (Utopic HWE) vulnerability
Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash)...
USN-2763-1: Linux kernel (Trusty HWE) vulnerability
Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash)...
USN-2762-1: Linux kernel vulnerability
Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash)...
USN-2761-1: Linux kernel vulnerability
Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash)...
USN-2754-1: Thunderbird vulnerabilities
Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, and Cameron McCormack discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a...
USN-2757-1: Oxide vulnerabilities
Two security issues were discovered in Blink and V8. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to bypass same-origin restrictions. CVE-2015-1303, CVE-2015-1304...
USN-2743-4: Firefox regression
USN-2743-1 fixed vulnerabilities in Firefox. After upgrading, some users reported problems with bookmark creation and crashes in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Andrew Osmond, Olli Pettay, Andrew Sutherland, Christi...
USN-2760-1: Linux kernel (OMAP4) vulnerabilities
It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. CVE-2015-5707 Marc-André...
USN-2759-1: Linux kernel vulnerabilities
It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. CVE-2015-5707 Marc-André...
USN-2758-1: PHP vulnerabilities
It was discovered that the PHP phar extension incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. CVE-2015-5589 It was discovered that the PHP phar extension incorrectly handled certain filepaths. A remote attacker cou...
USN-2753-2: LXC regression
USN-2753-1 fixed a vulnerability in LXC. The update caused a regression that prevented some containers from starting. This regression only affected containers that had an absolute path specified as a bind mount target in their configuration file. This update fixes the problem. We apologize for th...
USN-2756-1: rpcbind vulnerability
It was discovered that rpcbind incorrectly handled certain memory structures. A remote attacker could use this issue to cause rpcbind to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-2755-1: Cyrus SASL vulnerability
It was discovered that Cyrus SASL incorrectly handled certain invalid password salts. An attacker could use this issue to cause Cyrus SASL to crash, resulting in a denial of service...
USN-2753-1: LXC vulnerability
Roman Fiedler discovered a directory traversal flaw in lxc-start. A local attacker with access to an LXC container could exploit this flaw to run programs inside the container that are not confined by AppArmor or expose unintended files in the host to the container...
USN-2752-1: Linux kernel vulnerabilities
Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmapinfo.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. CVE-2015-5697 Marc-André Lureau discovered that the vhost driver did not properly...
USN-2751-1: Linux kernel (Vivid HWE) vulnerabilities
Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmapinfo.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. CVE-2015-5697 Marc-André Lureau discovered that the vhost driver did not properly...
USN-2750-1: Linux kernel (Utopic HWE) vulnerability
It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges...
USN-2749-1: Linux kernel (Trusty HWE) vulnerabilities
Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmapinfo.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. CVE-2015-5697 Marc-André Lureau discovered that the vhost driver did not properly...
USN-2748-1: Linux kernel vulnerabilities
Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmapinfo.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. CVE-2015-5697 Marc-André Lureau discovered that the vhost driver did not properly...
USN-2747-1: NVIDIA graphics drivers vulnerability
Dario Weisser discovered that the NVIDIA graphics drivers incorrectly handled certain IOCTL writes. A local attacker could use this issue to possibly gain root privileges...
USN-2746-2: Simple Streams regression
USN-2746-1 fixed a vulnerability in Simple Streams. The update caused a regression preventing MAAS from downloading PXE images. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Simple Streams did not properly perform gpg...
USN-2746-1: Simple Streams vulnerability
It was discovered that Simple Streams did not properly perform gpg verification in some situations. A remote attacker could use this to perform a machine-in-the-middle attack and inject malicious content into the stream...
USN-2745-1: QEMU vulnerabilities
Lian Yihan discovered that QEMU incorrectly handled certain payload messages in the VNC display driver. A malicious guest could use this issue to cause the QEMU process to hang, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. CVE-2015-5239 Qinghao...
USN-2743-3: Unity Integration for Firefox, Unity Websites Integration and Ubuntu Online Accounts extension update
USN-2743-1 fixed vulnerabilities in Firefox. Future Firefox updates will require all addons be signed and unity-firefox-extension, webapps-greasemonkey and webaccounts-browser-extension will not go through the signing process. Because these addons currently break search engine installations LP:...
USN-2744-1: Apport vulnerability
Halfdog discovered that Apport incorrectly handled kernel crash dump files. A local attacker could use this issue to cause a denial of service, or possibly elevate privileges. The default symlink protections for affected releases should reduce the vulnerability to a denial of service...
USN-2743-2: Ubufox update
USN-2743-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Original advisory details: Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memo...
USN-2743-1: Firefox vulnerabilities
Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially explo...
USN-2742-1: OpenLDAP vulnerabilities
Denis Andzakovic discovered that OpenLDAP incorrectly handled certain BER data. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. CVE-2015-6908 Dietrich Clauss discovered that the OpenLDAP package incorrectly shipped with a potentially...
USN-2741-1: Unity Settings Daemon vulnerability
It was discovered that the Unity Settings Daemon incorrectly allowed removable media to be mounted when the screen is locked. If a vulnerability were discovered in some other desktop component, such as an image library, a local attacker could possibly use this issue to gain access to the session...
USN-2740-1: ICU vulnerabilities
Atte Kettunen discovered that ICU incorrectly handled certain converter names. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash. CVE-2015-1270 It was discovered that ICU incorrectly handled certain memory operations when processing data. If an...
USN-2739-1: FreeType vulnerabilities
It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or hang, resulting in a denial of service, or possibly expose uninitialized memory...
USN-2738-1: Linux kernel vulnerability
It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges...
USN-2737-1: Linux kernel (Vivid HWE) vulnerability
It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges...
USN-2735-1: Oxide vulnerabilities
It was discovered that the DOM tree could be corrupted during parsing in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions or cause a denial of service. CVE-2015-1291 An issue was...
USN-2736-1: Spice vulnerability
Frediano Ziglio discovered that Spice incorrectly handled monitor configs. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attacke...
USN-2734-1: Linux kernel vulnerability
It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges...
USN-2733-1: Linux kernel (Trusty HWE) vulnerability
It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges...
USN-2732-1: Linux kernel (OMAP4) vulnerability
Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmapinfo.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel...
USN-2731-1: Linux kernel vulnerability
Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmapinfo.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel...
USN-2730-1: OpenSLP vulnerabilities
Georgi Geshev discovered that OpenSLP incorrectly handled processing certain service requests. A remote attacker could possibly use this issue to cause OpenSLP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. CVE-2012-4428 Qinghao Tang...
USN-2729-1: libvdpau vulnerabilities
Florian Weimer discovered that libvdpau incorrectly handled certain environment variables. A local attacker could possibly use this issue to gain privileges...
USN-2728-1: Bind vulnerability
Hanno Böck discovered that Bind incorrectly handled certain malformed keys when configured to perform DNSSEC validation. A remote attacker could use this issue with specially crafted zone data to cause Bind to crash, resulting in a denial of service...
USN-2727-1: GnuTLS vulnerabilities
It was discovered that GnuTLS incorrectly handled parsing CRL distribution points. A remote attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. CVE-2015-3308 Kurt Roeckx discovered that GnuTLS incorrectly handled a long DistinguishedName (DN) entry in a...
USN-2726-1: Expat vulnerability
It was discovered that Expat incorrectly handled malformed XML data. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code...
USN-2723-1: Firefox vulnerabilities
A use-after-free was discovered when resizing a canvas element during restyling in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with th...
USN-2725-1: cups-filters vulnerability
Seth Arnold discovered that ippusbxd in the cups-filters package would incorrectly listen to all configured network interfaces. A remote attacker could use this issue to possibly access locally-connected printers...