USN-2269-1: Linux kernel (Quantal HWE) vulnerability

Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x8664 processors. An attacker could exploit this flaw to cause a denial of service System Crash or potential gain administrative privileges...

USN-2268-1: Linux kernel vulnerability

Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x8664 processors. An attacker could exploit this flaw to cause a denial of service System Crash or potential gain administrative privileges...

USN-2267-1: Linux kernel (EC2) vulnerability

Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x8664 processors. An attacker could exploit this flaw to cause a denial of service System Crash or potential gain administrative privileges...

USN-2266-1: Linux kernel vulnerability

Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x8664 processors. An attacker could exploit this flaw to cause a denial of service System Crash or potential gain administrative privileges...

USN-2265-1: NSPR vulnerability

Abhishek Arya discovered that NSPR incorrectly handled certain console functions. A remote attacker could use this issue to cause NSPR to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability...

USN-2264-1: Linux kernel vulnerabilities

Salva Peiró discovered an information leak in the Linux kernel's media- device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. CVE-2014-1739 A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user...

USN-2263-1: Linux kernel (OMAP4) vulnerabilities

Salva Peiró discovered an information leak in the Linux kernel's media- device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. CVE-2014-1739 A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user...

USN-2262-1: Linux kernel (Quantal HWE) vulnerabilities

A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service system crash via crafted BPF instructions. CVE-2014-3144 A remainder calculation error was discovered in the socket filter subsystem of the Lin...

USN-2261-1: Linux kernel (Saucy HWE) vulnerabilities

Salva Peiró discovered an information leak in the Linux kernel's media- device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. CVE-2014-1739 A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user...

USN-2260-1: Linux kernel (Trusty HWE) vulnerabilities

A flaw was discovered in the Linux kernel's pseudo tty pty device. An unprivileged user could exploit this flaw to cause a denial of service system crash or potentially gain administrator privileges. CVE-2014-0196 Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged...

USN-2259-1: Linux kernel vulnerabilities

Salva Peiró discovered an information leak in the Linux kernel's media- device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. CVE-2014-1739 A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user...

USN-2258-1: GnuPG vulnerability

Jean-René Reinhard, Olivier Levillain and Florian Maury discovered that GnuPG incorrectly handled certain OpenPGP messages. If a user or automated system were tricked into processing a specially-crafted message, GnuPG could consume resources, resulting in a denial of service...

USN-2257-1: Samba vulnerabilities

Christof Schmitt discovered that Samba incorrectly initialized a certain response field when vfs shadow copy was enabled. A remote authenticated attacker could use this issue to possibly obtain sensitive information. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS. CVE-2014-0178 It was...

USN-2256-1: Swift vulnerability

John Dickinson discovered that Swift did not properly quote the WWW-Authenticate header value. If a user were tricked into navigating to a malicious Swift URL, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing...

USN-2255-1: OpenStack Neutron vulnerabilities

Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Neutron did not properly set up its sudo configuration. If a different flaw was found in OpenStack Neutron, this vulnerability could be used to escalate privileges. CVE-2013-6433 Stephen Ma and Christoph Thiel discovered that the...

USN-2254-2: PHP updates

USN-2254-1 fixed vulnerabilities in PHP. The fix for CVE-2014-0185 further restricted the permissions on the PHP FastCGI Process Manager FPM UNIX socket. This update grants socket access to the www-data user and group so installations and documentation relying on the previous socket permissions...

USN-2254-1: PHP vulnerabilities

Christian Hoffmann discovered that the PHP FastCGI Process Manager FPM set incorrect permissions on the UNIX socket. A local attacker could use this issue to possibly elevate their privileges. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. CVE-2014-0185 Francisco...

USN-2232-3: OpenSSL regression

USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use renegotiation, such as PostgreSQL. This update fixes the problem. Original advisory details: Jüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS...

USN-2253-1: LibreOffice vulnerability

It was discovered that LibreOffice unconditionally executed certain VBA macros, contrary to user expectations...

USN-2252-1: Linux kernel (EC2) vulnerabilities

A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service system crash via crafted BPF instructions. CVE-2014-3144 A remainder calculation error was discovered in the socket filter subsystem of the Lin...

USN-2251-1: Linux kernel vulnerabilities

A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service system crash via crafted BPF instructions. CVE-2014-3144 A remainder calculation error was discovered in the socket filter subsystem of the Lin...

USN-2250-1: Thunderbird vulnerabilities

Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden and Kyle Huey discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potential...

USN-2249-1: OpenStack Heat vulnerability

Jason Dunsmore discovered that OpenStack heat did not properly restrict access to template information. A remote authenticated attacker could exploit this to see URL provider templates of other tenants for a limited time...

USN-2248-1: OpenStack Cinder vulnerability

Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Cinder did not properly set up its sudo configuration. If a different flaw was found in OpenStack Cinder, this vulnerability could be used to escalate privileges. CVE-2013-1068...

USN-2247-1: OpenStack Nova vulnerabilities

Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Nova did not properly set up its sudo configuration. If a different flaw was found in OpenStack Nova, this vulnerability could be used to escalate privileges. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS...

USN-2246-1: APT vulnerability

Jakub Wilk discovered that APT did not correctly validate signatures when downloading source packages. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered source packages...

USN-2214-3: libxml2 regression

USN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a number of regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Daniel Berrange discovered that libxml2 would incorrectly perform entity substitution even when requested...

USN-2232-2: OpenSSL regression

USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use tlssessionsecretcb, such as wpasupplicant. This update fixes the problem. Original advisory details: Jüri Aedla discovered that OpenSSL incorrectly handled invalid...

USN-2245-1: json-c vulnerabilities

Florian Weimer discovered that json-c incorrectly handled buffer lengths. An attacker could use this issue with a specially-crafted large JSON document to cause json-c to crash, resulting in a denial of service. CVE-2013-6370 Florian Weimer discovered that json-c incorrectly handled hash arrays. ...

USN-2244-1: Libav vulnerability

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program...

USN-2243-1: Firefox vulnerabilities

Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey, Jesse Ruderman, Gregor Wagner, Benoit Jacob and Karl Tomlinson discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted...

USN-2242-1: dpkg vulnerabilities

It was discovered that dpkg incorrectly handled certain patches when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service...

USN-2214-2: libxml2 regression

USN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a regression when using xmllint with the --postvalid option. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Daniel Berrange discovered that libxml2 would incorrectly perform...

USN-2241-1: Linux kernel vulnerabilities

Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service system crash or gain administrative privileges. CVE-2014-3153 A flaw was discovered in the Linux kernel virtual machine's kvm validation of interrupt...

USN-2240-1: Linux kernel vulnerabilities

Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service system crash or gain administrative privileges. CVE-2014-3153 An information leak was discovered in the netfilter subsystem of the Linux kernel. An...

USN-2239-1: Linux kernel (Saucy HWE) vulnerabilities

Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service system crash or gain administrative privileges. CVE-2014-3153 A flaw was discovered in the Linux kernel virtual machine's kvm validation of interrupt...

USN-2238-1: Linux kernel (Raring HWE) vulnerabilities

Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service system crash or gain administrative privileges. CVE-2014-3153 A flaw was discovered in the Linux kernel's IPC reference counting. An unprivileged loc...

USN-2237-1: Linux kernel (Quantal HWE) vulnerability

Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service system crash or gain administrative privileges...

USN-2236-1: Linux kernel (OMAP4) vulnerabilities

Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service system crash or gain administrative privileges. CVE-2014-3153 A flaw was discovered in the vhost-net subsystem of the Linux kernel. Guest OS users...

USN-2235-1: Linux kernel vulnerabilities

Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service system crash or gain administrative privileges. CVE-2014-3153 A flaw was discovered in the vhost-net subsystem of the Linux kernel. Guest OS users...

USN-2234-1: Linux kernel (EC2) vulnerabilities

Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service system crash or gain administrative privileges. CVE-2014-3153 Dmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6 UDP Fragmentation...

USN-2233-1: Linux kernel vulnerabilities

Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service system crash or gain administrative privileges. CVE-2014-3153 Dmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6 UDP Fragmentation...

USN-2232-1: OpenSSL vulnerabilities

Jüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS...

USN-2230-1: chkrootkit vulnerability

Thomas Stangner discovered that chkrootkit incorrectly quoted certain values. A local attacker could use this issue to execute arbitrary code when chkrootkit is run and gain root privileges...

USN-2229-1: GnuTLS vulnerability

Joonas Kuorilehto discovered that GnuTLS incorrectly handled Server Hello messages. A malicious remote server or a machine-in-the-middle could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code...

USN-2228-1: Linux kernel vulnerabilities

Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. CVE-2014-1738 Matthew Daley reported a flaw in the handling of ioctl commands by the floppy...

USN-2227-1: Linux kernel (OMAP4) vulnerabilities

A flaw was discovered in the Linux kernel's pseudo tty pty device. An unprivileged user could exploit this flaw to cause a denial of service system crash or potentially gain administrator privileges. CVE-2014-0196 Matthew Daley reported an information leak in the floppy disk driver of the Linux...

USN-2226-1: Linux kernel vulnerabilities

Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. CVE-2014-1738 Matthew Daley reported a flaw in the handling of ioctl commands by the floppy...

USN-2225-1: Linux kernel (Saucy HWE) vulnerabilities

Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. CVE-2014-1738 Matthew Daley reported a flaw in the handling of ioctl commands by the floppy...

USN-2224-1: Linux kernel (Raring HWE) vulnerabilities

Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. CVE-2014-1738 Matthew Daley reported a flaw in the handling of ioctl commands by the floppy...