Lucene search
K
UbuntuRecent

10923 matches found

Ubuntu
Ubuntu
added 2015/03/16 2:17 p.m.50 views

USN-2532-1: cups-filters vulnerability

It was discovered that cups-browsed incorrectly filtered remote printer names and strings. A remote attacker could use this issue to possibly execute arbitrary commands...

7.5CVSS7.4AI score0.02958EPSS
Exploits1
Ubuntu
Ubuntu
added 2015/03/16 1:6 p.m.60 views

USN-2533-1: Sudo vulnerability

Jakub Wilk and Stephane Chazelas discovered that Sudo incorrectly handled the TZ environment variable. An attacker with Sudo access could possibly use this issue to open arbitrary files, bypassing intended permissions...

3.3CVSS5.8AI score0.0047EPSS
Exploits1
Ubuntu
Ubuntu
added 2015/03/16 12:55 p.m.49 views

USN-2531-1: Requests vulnerability

Matthew Daley discovered that Requests incorrectly handled cookies without host values when being redirected. A remote attacker could possibly use this issue to perform session fixation or cookie stealing attacks...

6.8CVSS7.4AI score0.03408EPSS
Exploits0
Ubuntu
Ubuntu
added 2015/03/12 6:44 a.m.82 views

USN-2530-1: Linux kernel vulnerability

It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service system crash or to potentially gain administrative privileges...

6.9CVSS6.2AI score0.00441EPSS
Exploits0
Ubuntu
Ubuntu
added 2015/03/12 6:41 a.m.52 views

USN-2529-1: Linux kernel (Utopic HWE) vulnerability

It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service system crash or to potentially gain administrative privileges...

6.9CVSS6.2AI score0.00441EPSS
Exploits0
Ubuntu
Ubuntu
added 2015/03/12 6:37 a.m.77 views

USN-2528-1: Linux kernel vulnerability

It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service system crash or to potentially gain administrative privileges...

6.9CVSS6.2AI score0.00441EPSS
Exploits0
Ubuntu
Ubuntu
added 2015/03/12 6:32 a.m.74 views

USN-2527-1: Linux kernel (Trusty HWE) vulnerability

It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service system crash or to potentially gain administrative privileges...

6.9CVSS6.2AI score0.00441EPSS
Exploits0
Ubuntu
Ubuntu
added 2015/03/12 6:29 a.m.67 views

USN-2526-1: Linux kernel vulnerability

It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service system crash or to potentially gain administrative privileges...

6.9CVSS6.2AI score0.00441EPSS
Exploits0
Ubuntu
Ubuntu
added 2015/03/12 6:24 a.m.60 views

USN-2525-1: Linux kernel vulnerability

It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service system crash or to potentially gain administrative privileges...

6.9CVSS6.2AI score0.00441EPSS
Exploits0
Ubuntu
Ubuntu
added 2015/03/11 12:41 a.m.50 views

USN-2524-1: eCryptfs vulnerability

Sylvain Pelissier discovered that eCryptfs did not generate a random salt when encrypting the mount passphrase with the login password. An attacker could use this issue to discover the login password used to protect the mount passphrase and gain unintended access to the encrypted files...

5CVSS5.3AI score0.0218EPSS
Exploits1
Ubuntu
Ubuntu
added 2015/03/10 6:22 p.m.86 views

USN-2522-3: ICU vulnerabilities

USN-2522-1 fixed vulnerabilities in ICU. On Ubuntu 12.04 LTS, the font patches caused a regression when using LibreOffice Calc. The patches have now been updated to fix the regression. We apologize for the inconvenience. Original advisory details: It was discovered that ICU incorrectly handled...

10CVSS7.6AI score0.2258EPSS
Exploits5
Ubuntu
Ubuntu
added 2015/03/10 3:28 p.m.75 views

USN-2521-1: Oxide vulnerabilities

Several out-of-bounds write bugs were discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program...

7.5CVSS8.7AI score0.02565EPSS
Exploits0
Ubuntu
Ubuntu
added 2015/03/10 2:49 p.m.66 views

USN-2523-1: Apache HTTP Server vulnerabilities

Martin Holst Swende discovered that the modheaders module allowed HTTP trailers to replace HTTP headers during request processing. A remote attacker could possibly use this issue to bypass RequestHeaders directives. CVE-2013-5704 Mark Montague discovered that the modcache module incorrectly handl...

5CVSS6.6AI score0.60205EPSS
Exploits2
Ubuntu
Ubuntu
added 2015/03/09 5:43 p.m.73 views

USN-2505-2: Firefox regression

USN-2505-1 fixed vulnerabilities in Firefox. This update removed the deprecated "-remote" command-line switch that some older software still depends on. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Matthew Noorenberghe discovered that allowlisted...

8.1AI score
Exploits0References2
Ubuntu
Ubuntu
added 2015/03/06 7:9 p.m.75 views

USN-2522-2: ICU regression

USN-2522-1 fixed vulnerabilities in ICU. On Ubuntu 12.04 LTS, the font patches caused a regression when using LibreOffice Calc. The patches have been temporarily backed out until the regression is investigated. We apologize for the inconvenience. Original advisory details: It was discovered that...

7.7AI score
Exploits0References1
Ubuntu
Ubuntu
added 2015/03/05 1:31 p.m.98 views

USN-2522-1: ICU vulnerabilities

It was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubun...

10CVSS7.6AI score0.2258EPSS
Exploits5
Ubuntu
Ubuntu
added 2015/03/04 8:47 a.m.80 views

USN-2516-3: Linux kernel vulnerabilities regression

USN-2516-1 fixed vulnerabilities in the Linux kernel, and the fix in USN-2516-2 was incomplete. There was an unrelated regression in the use of the virtual counter CNTVCT on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw w...

6.7AI score
Exploits0References1
Ubuntu
Ubuntu
added 2015/03/04 8:33 a.m.71 views

USN-2515-2: Linux kernel (Trusty HWE) vulnerabilities regression

USN-2515-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter CNTVCT on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw was discovered in the Kernel Virtual...

6.9AI score
Exploits0References1
Ubuntu
Ubuntu
added 2015/03/03 10:2 a.m.67 views

USN-2506-1: Thunderbird vulnerabilities

Armin Razmdjou discovered that contents of locally readable files could be made available via manipulation of form autocomplete in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to obtain...

7.5CVSS8AI score0.04359EPSS
Exploits0
Ubuntu
Ubuntu
added 2015/02/28 6:17 p.m.76 views

USN-2516-2: Linux kernel vulnerability regression

USN-2516-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter CNTVCT on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw was discovered in the Kernel Virtual...

6.9AI score
Exploits0References1
Ubuntu
Ubuntu
added 2015/02/26 4:7 p.m.58 views

USN-2520-1: CUPS vulnerability

Peter De Wachter discovered that CUPS incorrectly handled certain malformed compressed raster files. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code...

6.8CVSS7.5AI score0.04633EPSS
Exploits0
Ubuntu
Ubuntu
added 2015/02/26 3:57 p.m.73 views

USN-2519-1: GNU C Library vulnerabilities

Arnaud Le Blanc discovered that the GNU C Library incorrectly handled file descriptors when resolving DNS queries under high load. This may cause a denial of service in other applications, or an information leak. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS...

7.8CVSS7.7AI score0.07834EPSS
Exploits5
Ubuntu
Ubuntu
added 2015/02/26 11:31 a.m.79 views

USN-2518-1: Linux kernel vulnerabilities

A flaw was discovered in the Kernel Virtual Machine's KVM emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS crash or potentially gain privileges on the guest OS...

7.8CVSS6.8AI score0.05489EPSS
Exploits4
Ubuntu
Ubuntu
added 2015/02/26 11:28 a.m.73 views

USN-2517-1: Linux kernel (Utopic HWE) vulnerabilities

A flaw was discovered in the Kernel Virtual Machine's KVM emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS crash or potentially gain privileges on the guest OS...

7.8CVSS6.8AI score0.05489EPSS
Exploits4
Ubuntu
Ubuntu
added 2015/02/26 11:22 a.m.76 views

USN-2516-1: Linux kernel vulnerabilities

A flaw was discovered in the Kernel Virtual Machine's KVM emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS crash or potentially gain privileges on the guest OS...

7.8CVSS6.8AI score0.05489EPSS
Exploits4
Ubuntu
Ubuntu
added 2015/02/26 11:18 a.m.76 views

USN-2515-1: Linux kernel (Trusty HWE) vulnerabilities

A flaw was discovered in the Kernel Virtual Machine's KVM emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS crash or potentially gain privileges on the guest OS...

7.8CVSS6.8AI score0.05489EPSS
Exploits4
Ubuntu
Ubuntu
added 2015/02/26 11:13 a.m.83 views

USN-2514-1: Linux kernel (OMAP4) vulnerabilities

A flaw was discovered in the Kernel Virtual Machine's KVM emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS crash or potentially gain privileges on the guest OS...

6.9CVSS6.8AI score0.05489EPSS
Exploits4
Ubuntu
Ubuntu
added 2015/02/26 11:9 a.m.80 views

USN-2513-1: Linux kernel vulnerabilities

A flaw was discovered in the Kernel Virtual Machine's KVM emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS crash or potentially gain privileges on the guest OS...

6.9CVSS6.8AI score0.05489EPSS
Exploits4
Ubuntu
Ubuntu
added 2015/02/26 11:5 a.m.76 views

USN-2512-1: Linux kernel (EC2) vulnerabilities

A race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service memory corruption or panic or possibly have unspecified impact via the keyctl commands. CVE-2014-9529 A memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge...

6.9CVSS6.8AI score0.00461EPSS
Exploits0
Ubuntu
Ubuntu
added 2015/02/26 10:49 a.m.81 views

USN-2511-1: Linux kernel vulnerabilities

A race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service memory corruption or panic or possibly have unspecified impact via the keyctl commands. CVE-2014-9529 A memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge...

6.9CVSS6.8AI score0.00461EPSS
Exploits0
Ubuntu
Ubuntu
added 2015/02/25 9:53 p.m.88 views

USN-2505-1: Firefox vulnerabilities

Matthew Noorenberghe discovered that Mozilla domains in the allowlist could make UITour API calls from background tabs. If one of these domains were compromised and open in a background tab, an attacker could potentially exploit this to conduct clickjacking attacks. CVE-2015-0819 Jan de Mooij...

7.5CVSS8AI score0.06029EPSS
Exploits0
Ubuntu
Ubuntu
added 2015/02/24 7:33 p.m.71 views

USN-2510-1: FreeType vulnerabilities

Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges...

7.5CVSS7.4AI score0.07687EPSS
Exploits20
Ubuntu
Ubuntu
added 2015/02/23 6:23 p.m.39 views

USN-2509-1: ca-certificates update

The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20141019 package...

5.4AI score
Exploits0References1
Ubuntu
Ubuntu
added 2015/02/23 6:19 p.m.51 views

USN-2508-1: Samba vulnerability

Richard van Eeden discovered that the Samba smbd file services incorrectly handled memory. A remote attacker could use this issue to possibly execute arbitrary code with root privileges...

10CVSS7.9AI score0.87636EPSS
Exploits7
Ubuntu
Ubuntu
added 2015/02/23 6:10 p.m.58 views

USN-2507-1: e2fsprogs vulnerabilities

Jose Duart discovered that e2fsprogs incorrectly handled invalid block group descriptor data. A local attacker could use this issue with a crafted filesystem image to possibly execute arbitrary code. CVE-2015-0247, CVE-2015-1572...

4.6CVSS8.6AI score0.00897EPSS
Exploits0
Ubuntu
Ubuntu
added 2015/02/19 5:48 p.m.37 views

USN-2504-1: NSS update

The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.17.4 which includes the latest CA certificate bundle...

5.4AI score
Exploits0References1
Ubuntu
Ubuntu
added 2015/02/18 9:29 p.m.57 views

USN-2503-1: Bind vulnerability

Jan-Piet Mens discovered that Bind incorrectly handled Trust Anchor Management. A remote attacker could use this issue to cause bind to crash, resulting in a denial of service...

5.4CVSS7.2AI score0.22168EPSS
Exploits0
Ubuntu
Ubuntu
added 2015/02/17 8:28 p.m.55 views

USN-2502-1: unzip vulnerabilities

William Robinet discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code...

7.5CVSS8.4AI score0.04898EPSS
Exploits2
Ubuntu
Ubuntu
added 2015/02/17 6:14 p.m.90 views

USN-2501-1: PHP vulnerabilities

Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2014-8142, CVE-2015-0231 Brian Carpenter discovered that the PHP CGI component...

7.5CVSS7.6AI score0.53166EPSS
Exploits14
Ubuntu
Ubuntu
added 2015/02/17 12:26 p.m.59 views

USN-2500-1: X.Org X server vulnerabilities

Olivier Fourdan discovered that the X.Org X server incorrectly handled XkbSetGeometry requests resulting in an information leak. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly obtain sensitive information. CVE-2015-0255 It was discovered...

6.4CVSS6.5AI score0.04502EPSS
Exploits0
Ubuntu
Ubuntu
added 2015/02/12 11:10 p.m.65 views

USN-2488-2: ClamAV vulnerability

USN-2488-1 fixed a vulnerability in ClamAV for Ubuntu 14.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. This update provides the corresponding update for Ubuntu 10.04 LTS. Original advisory details: Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled certain upack packer files. An...

7.5CVSS6.8AI score0.03234EPSS
Exploits0
Ubuntu
Ubuntu
added 2015/02/11 5:57 p.m.70 views

USN-2499-1: PostgreSQL vulnerabilities

Stephen Frost discovered that PostgreSQL incorrectly displayed certain values in error messages. An authenticated user could gain access to seeing certain values, contrary to expected permissions. CVE-2014-8161 Andres Freund, Peter Geoghegan and Noah Misch discovered that PostgreSQL incorrectly...

9.8CVSS7.2AI score0.05533EPSS
Exploits0
Ubuntu
Ubuntu
added 2015/02/10 8:4 p.m.73 views

USN-2498-1: Kerberos vulnerabilities

It was discovered that Kerberos incorrectly sent old keys in response to a -randkey -keepold request. An authenticated remote attacker could use this issue to forge tickets by leveraging administrative access. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS...

9CVSS7.5AI score0.06213EPSS
Exploits0
Ubuntu
Ubuntu
added 2015/02/10 5:56 p.m.73 views

USN-2495-1: Oxide vulnerabilities

A use-after-free bug was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed rende...

7.5CVSS8.7AI score0.02854EPSS
Exploits0
Ubuntu
Ubuntu
added 2015/02/09 9:39 p.m.92 views

USN-2496-1: GNU binutils vulnerabilities

Michal Zalewski discovered that the setupgroup function in libbfd in GNU binutils did not properly check group headers in ELF files. An attacker could use this to craft input that could cause a denial of service application crash or possibly execute arbitrary code. CVE-2014-8485 Hanno Böck...

7.5CVSS8.3AI score0.07486EPSS
Exploits7
Ubuntu
Ubuntu
added 2015/02/09 5:32 p.m.101 views

USN-2497-1: NTP vulnerabilities

Stephen Roettger, Sebastian Krahmer, and Harlan Stenn discovered that NTP incorrectly handled the length value in extension fields. A remote attacker could use this issue to possibly obtain leaked information, or cause the NTP daemon to crash, resulting in a denial of service. CVE-2014-9297 Steph...

7AI score
Exploits0
Ubuntu
Ubuntu
added 2015/02/04 6:3 p.m.55 views

USN-2469-2: Django regression

USN-2469-1 fixed vulnerabilities in Django. The security fix for CVE-2015-0221 introduced a regression on Ubuntu 10.04 LTS and Ubuntu 12.04 LTS when serving static content through GZipMiddleware. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jededia...

5.5AI score
Exploits0References1
Ubuntu
Ubuntu
added 2015/02/04 5:56 p.m.74 views

USN-2494-1: file vulnerabilities

Francisco Alonso discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to crash, resulting in a denial of service. CVE-2014-3710 Thomas Jarosch discovered that file incorrectly handled certain ELF files. An attacker could use this issue to caus...

5CVSS7.9AI score0.14013EPSS
Exploits0
Ubuntu
Ubuntu
added 2015/02/04 1:22 a.m.83 views

USN-2493-1: Linux kernel (OMAP4) vulnerabilities

Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage TLS implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization ASLR protection mechanism. A local user could exploit this fla...

5.5CVSS6.5AI score0.00738EPSS
Exploits1
Ubuntu
Ubuntu
added 2015/02/04 1:19 a.m.77 views

USN-2492-1: Linux kernel vulnerabilities

Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage TLS implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization ASLR protection mechanism. A local user could exploit this fla...

5.5CVSS6.5AI score0.00738EPSS
Exploits1
Total number of security vulnerabilities10923