10923 matches found
USN-2570-1: Oxide vulnerabilities
An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. CVE-2015-1235 An issue was discovered in the Web Audio API implementation in Blink. If a user were...
USN-2580-1: tcpdump vulnerabilities
It was discovered that tcpdump incorrectly handled printing certain packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the tcpdump AppArmor...
USN-2579-1: autofs vulnerability
It was discovered that autofs incorrectly filtered environment variables when using program maps. When program maps were configured, a local user could use this issue to escalate privileges. This update changes the default behaviour by adding a prefix to environment variables. Sites using program...
USN-2578-1: LibreOffice vulnerabilities
Alexander Cherepanov discovered that LibreOffice incorrectly handled certain RTF files. If a user were tricked into opening a specially crafted RTF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. CVE-2014-9093 It was discovered that LibreOffice...
USN-2571-1: Firefox vulnerability
Robert Kaiser discovered a use-after-free during plugin initialization in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileg...
USN-2577-1: wpa_supplicant vulnerability
It was discovered that wpasupplicant incorrectly handled SSID information when creating or updating P2P peer entries. A remote attacker could use this issue to cause wpasupplicant to crash, resulting in a denial of service, expose memory contents, or possibly execute arbitrary code...
USN-2576-2: usb-creator vulnerability
USN-2576-1 fixed a vulnerability in usb-creator. This update provides the corresponding fix for Ubuntu 15.04. Original advisory details: Tavis Ormandy discovered that usb-creator was missing an authentication check. A local attacker could use this issue to gain elevated privileges...
USN-2576-1: usb-creator vulnerability
Tavis Ormandy discovered that usb-creator was missing an authentication check. A local attacker could use this issue to gain elevated privileges...
USN-2575-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.43. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the...
USN-2574-1: OpenJDK 7 vulnerabilities
Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. CVE-2015-0460, CVE-2015-0469 Alexander Cherepanov discovered that...
USN-2573-1: OpenJDK 6 vulnerabilities
Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. CVE-2015-0460, CVE-2015-0469 Alexander Cherepanov discovered that...
USN-2572-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled cleanup when used with Apache 2.4. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2015-3330 It was discovered that PHP incorrectly handled opening tar, zip or ph...
USN-2569-2: Apport vulnerability
USN-2569-1 fixed a vulnerability in Apport. Tavis Ormandy discovered that the fixed packages were still vulnerable to a privilege escalation attack. This update completely disables crash report handling for containers until a more complete solution is available. Original advisory details: Stéphan...
USN-2569-1: Apport vulnerability
Stéphane Graber and Tavis Ormandy independently discovered that Apport incorrectly handled the crash reporting feature. A local attacker could use this issue to gain elevated privileges...
USN-2568-1: libx11, libxrender vulnerability
Abhishek Arya discovered that libX11 incorrectly handled memory in the MakeBigReq macro. A remote attacker could use this issue to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code. In addition, following the macro fix in libx11, a number of other...
USN-2567-1: NTP vulnerabilities
Miroslav Lichvar discovered that NTP incorrectly validated MAC fields. A remote attacker could possibly use this issue to bypass authentication and spoof packets. CVE-2015-1798 Miroslav Lichvar discovered that NTP incorrectly handled certain invalid packets. A remote attacker could possibly use...
USN-2566-1: dpkg vulnerability
Jann Horn discovered that dpkg incorrectly validated signatures when extracting local source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could bypass signature verification checks...
USN-2565-1: Linux kernel vulnerabilities
An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization ASLR protection mechanism. CVE-2015-1593 An information leak was discovered in the Linux Kernel'...
USN-2564-1: Linux kernel (Utopic HWE) vulnerabilities
An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization ASLR protection mechanism. CVE-2015-1593 An information leak was discovered in the Linux Kernel'...
USN-2563-1: Linux kernel vulnerabilities
Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP Stream Control Transmission Protocol subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service system crash or potentially escalate their privileges on the system. CVE-2015-1421...
USN-2562-1: Linux kernel (Trusty HWE) vulnerabilities
Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP Stream Control Transmission Protocol subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service system crash or potentially escalate their privileges on the system. CVE-2015-1421...
USN-2561-1: Linux kernel (OMAP4) vulnerabilities
It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service system crash or to potentially gain administrative privileges...
USN-2560-1: Linux kernel vulnerabilities
An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization ASLR protection mechanism. CVE-2015-1593 An information leak was discovered in the Linux Kernel'...
USN-2559-1: Libtasn1 vulnerability
Hanno Böck discovered that Libtasn1 incorrectly handled certain ASN.1 data. A remote attacker could possibly exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-2558-1: Mailman vulnerability
It was discovered that Mailman incorrectly handled special characters in list names. A local attacker could use this issue to perform a path traversal attack and execute arbitrary code as the Mailman user...
USN-2556-1: Oxide vulnerabilities
It was discovered that Chromium did not properly handle the interaction of IPC, the gamepad API and V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the program...
USN-2557-1: Firefox vulnerability
Muneaki Nishimura discovered a flaw in Mozilla's HTTP Alternative Services implementation which meant SSL certificate verification could be bypassed in some circumstances. A remote attacker could potentially exploit this to conduct a machine-in-the-middle attack. CVE-2015-0799...
USN-2552-1: Thunderbird vulnerabilities
Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to bypass same-origin policy restrictions. CVE-2015-0801 Christoph...
USN-2553-2: LibTIFF regression
USN-2553-1 fixed vulnerabilities in LibTIFF. One of the security fixes caused a regression when saving certain TIFF files with a Predictor tag. The problematic patch has been temporarily backed out until a more complete fix is available. We apologize for the inconvenience. Original advisory...
USN-2550-1: Firefox vulnerabilities
Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin policy restrictions. CVE-2015-0801 Bobby Holley discovered that...
USN-2555-1: Libgcrypt vulnerabilities
Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. CVE-2014-3591 Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcry...
USN-2554-1: GnuPG vulnerabilities
Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. CVE-2014-3591 Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was...
USN-2553-1: LibTIFF vulnerabilities
William Robinet discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user...
USN-2551-1: Apache Standard Taglibs vulnerability
David Jorm discovered that the Apache Standard Taglibs incorrectly handled external XML entities. A remote attacker could possibly use this issue to execute arbitrary code or perform other external XML entity attacks...
USN-2549-1: libarchive vulnerabilities
It was discovered that the libarchive bsdcpio utility extracted absolute paths by default without using the --insecure flag, contrary to expectations. If a user or automated system were tricked into extracting cpio archives containing absolute paths, a remote attacker may be able to write to...
USN-2548-1: Batik vulnerability
Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption...
USN-2547-1: Mono vulnerabilities
It was discovered that the Mono TLS implementation was vulnerable to the SKIP-TLS vulnerability. A remote attacker could possibly use this issue to perform client impersonation attacks. CVE-2015-2318 It was discovered that the Mono TLS implementation was vulnerable to the FREAK vulnerability. A...
USN-2546-1: Linux kernel vulnerabilities
A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. CVE-2013-7421 A flaw was...
USN-2545-1: Linux kernel (Utopic HWE) vulnerabilities
A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. CVE-2013-7421 A flaw was...
USN-2544-1: Linux kernel vulnerabilities
Eric Windisch discovered flaw in how the Linux kernel's XFS file system replaces remote attributes. A local access with access to an XFS file system could exploit this flaw to escalate their privileges. CVE-2015-0274 A flaw was discovered in the automatic loading of modules in the crypto subsyste...
USN-2543-1: Linux kernel (Trusty HWE) vulnerabilities
Eric Windisch discovered flaw in how the Linux kernel's XFS file system replaces remote attributes. A local access with access to an XFS file system could exploit this flaw to escalate their privileges. CVE-2015-0274 A flaw was discovered in the automatic loading of modules in the crypto subsyste...
USN-2542-1: Linux kernel (OMAP4) vulnerabilities
The Linux kernel's splice system call did not correctly validate its parameters. A local, unprivileged user could exploit this flaw to cause a denial of service system crash. CVE-2014-7822 A flaw was discovered in how Thread Local Storage TLS is handled by the task switching function in the Linux...
USN-2541-1: Linux kernel vulnerabilities
The Linux kernel's splice system call did not correctly validate its parameters. A local, unprivileged user could exploit this flaw to cause a denial of service system crash. CVE-2014-7822 A flaw was discovered in how Thread Local Storage TLS is handled by the task switching function in the Linux...
USN-2540-1: GnuTLS vulnerabilities
It was discovered that GnuTLS did not perform date and time checks on CA certificates, contrary to expectations. This issue only affected Ubuntu 10.04 LTS. CVE-2014-8155 Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly verified that signature algorithms matched. A remote attacker could...
USN-2539-1: Django vulnerabilities
Andrey Babak discovered that Django incorrectly handled striptags. A remote attacker could possibly use this issue to cause Django to enter an infinite loop, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. CVE-2015-2316 Daniel Chatfield discovered tha...
USN-2538-1: Firefox vulnerabilities
A flaw was discovered in the implementation of typed array bounds checking in the Javascript just-in-time compilation. If a user were tricked in to opening a specially crafted website, an attacked could exploit this to execute arbitrary code with the privileges of the user invoking Firefox...
USN-2537-1: OpenSSL vulnerabilities
It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. CVE-2015-0209 Stephen Henson discovered that OpenSSL incorrectly handled...
USN-2536-1: libXfont vulnerabilities
Ilja van Sprundel, Alan Coopersmith, and William Robinet discovered that libXfont incorrectly handled malformed bdf fonts. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges...
USN-2535-1: PHP vulnerabilities
Thomas Jarosch discovered that PHP incorrectly limited recursion in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to consume resources or crash, resulting in a denial of service. CVE-2014-8117 S. Paraschoudis discovered that PHP incorrectly handled memory in...
USN-2534-1: Libav vulnerabilities
It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program...