USN-2223-1: Linux kernel (Quantal HWE) vulnerabilities
Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy...
USN-2222-1: mod_wsgi vulnerabilities
Róbert Kisteleki discovered that mod_wsgi incorrectly checked setuid return values. A malicious application could use this issue to cause a local privilege escalation when using daemon mode. (CVE-2014-0240) Buck Golemon discovered that mod_wsgi used memory that had been freed. A remote attacker could use...
USN-2221-1: Linux kernel vulnerabilities
Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy...
USN-2220-1: Linux kernel (EC2) vulnerabilities
Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy...
USN-2219-1: Linux kernel vulnerabilities
Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy...
USN-2218-1: Xalan-Java vulnerability
Nicolas Gregoire discovered that Xalan-Java incorrectly handled certain properties when the secure processing feature was enabled. An attacker could possibly use this issue to load arbitrary classes or access external resources...
USN-2217-1: lxml vulnerability
It was discovered that the lxml.html.clean module incorrectly stripped control characters. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks...
USN-2216-1: Pidgin vulnerability
It was discovered that Pidgin incorrectly handled certain messages from Gadu-Gadu file relay servers. A malicious remote server or a machine-in-the-middle could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-2215-1: libgadu vulnerability
It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a machine-in-the-middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-2214-1: libxml2 vulnerability
Daniel Berrange discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service...
USN-2213-1: Dovecot vulnerability
It was discovered that Dovecot incorrectly handled closing inactive SSL/TLS connections. A remote attacker could use this issue to cause Dovecot to stop responding to new connections, resulting in a denial of service...
USN-2212-1: Django vulnerabilities
Stephen Stewart, Michael Nelson, Natalia Bidart and James Westby discovered that Django improperly removed Vary and Cache-Control headers from HTTP responses when replying to a request from an Internet Explorer or Chrome Frame client. An attacker may use this to retrieve private data or poison...
USN-2211-1: libXfont vulnerabilities
Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. (CVE-2014-0209) Ilja van Sprundel discovered that libXfont incorrectly handled...
USN-2210-1: cups-filters vulnerability
Sebastian Krahmer discovered that cups-browsed incorrectly filtered remote printer names and strings. A remote attacker could use this issue to possibly execute arbitrary commands. (CVE-2014-2707) Johannes Meixner discovered that cups-browsed ignored invalid BrowseAllow directives. This could cause...
USN-2209-1: libvirt vulnerabilities
It was discovered that libvirt incorrectly handled symlinks when using the LXC driver. An attacker could possibly use this issue to delete host devices, create arbitrary nodes, and shutdown or power off the host. (CVE-2013-6456) Marian Krcmarik discovered that libvirt incorrectly handled seamless...
USN-2208-2: OpenStack Quantum vulnerability
USN-2208-1 fixed vulnerabilities in OpenStack Cinder. This update provides the corresponding updates for OpenStack Quantum. Original advisory details: JuanFra Rodriguez Cardoso discovered that OpenStack Cinder did not enforce SSL connections when Nova was configured to use QPid and qpid_protocol i...
USN-2208-1: OpenStack Cinder vulnerability
JuanFra Rodriguez Cardoso discovered that OpenStack Cinder did not enforce SSL connections when Nova was configured to use QPid and qpid_protocol is set to 'ssl'. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information...
USN-2207-1: OpenStack Swift vulnerability
Samuel Merritt discovered a timing attack vulnerability in OpenStack Swift. If Swift was configured to use the TempURL middleware, an attacker could exploit this to guess valid secret URLs and obtain unintended access to objects publicly shared with specific recipients...
USN-2206-1: OpenStack Horizon vulnerability
Cristian Fiorentino discovered that OpenStack Horizon did not properly perform input sanitization for Heat templates. If a user were tricked into using a specially crafted Heat template, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user...
USN-2205-1: LibTIFF vulnerabilities
Pedro Ribeiro discovered that LibTIFF incorrectly handled certain malformed images when using the gif2tiff tool. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could crash the application, leading to a denial of service, or possibly execut...
USN-2204-1: Linux kernel vulnerability
A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges...
USN-2203-1: Linux kernel vulnerability
A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges...
USN-2202-1: Linux kernel vulnerability
A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges...
USN-2201-1: Linux kernel (Saucy HWE) vulnerability
A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges...
USN-2200-1: Linux kernel (Raring HWE) vulnerability
A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges...
USN-2199-1: Linux kernel (Quantal HWE) vulnerability
A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges...
USN-2198-1: Linux kernel vulnerability
A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges...
USN-2197-1: Linux kernel (EC2) vulnerability
A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges...
USN-2196-1: Linux kernel vulnerability
A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges...
USN-2194-1: OpenStack Neutron vulnerability
Aaron Rosen discovered that OpenStack Neutron did not properly perform authorization checks when creating ports when using plugins relying on the l3-agent. A remote authenticated attacker could exploit this to access the network of other tenants...
USN-2193-1: OpenStack Glance vulnerability
Paul McMillan discovered that the Sheepdog backend in OpenStack Glance did not properly handle untrusted input. A remote authenticated attacker could exploit this to execute arbitrary commands as the glance user...
USN-2192-1: OpenSSL vulnerabilities
It was discovered that OpenSSL incorrectly handled memory in the ssl3_read_bytes function. A remote attacker could use this issue to possibly cause OpenSSL to crash, resulting in a denial of service. (CVE-2010-5298) It was discovered that OpenSSL incorrectly handled memory in the do_ssl3_write function...
USN-2191-1: OpenJDK 6 vulnerabilities
Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452,...
USN-2190-1: JBIG-KIT vulnerability
Florian Weimer discovered that JBIG-KIT incorrectly handled certain malformed images. If a user or automated system were tricked into processing a specially crafted image, JBIG-KIT could be made to crash, or possibly execute arbitrary code...
USN-2183-2: dpkg vulnerability
USN-2183-1 fixed a vulnerability in dpkg. Javier Serrano Polo discovered that the fix introduced a vulnerability in releases with an older version of the patch utility. This update fixes the problem. Original advisory details: Jakub Wilk discovered that dpkg incorrectly handled certain paths and symlinks...
USN-2189-1: Thunderbird vulnerabilities
Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially...
USN-2184-2: Unity vulnerabilities
USN-2184-1 fixed lock screen vulnerabilities in Unity. Further testing has uncovered more issues which have been fixed in this update. This update also fixes a regression with the shutdown dialogue. We apologize for the inconvenience. Original advisory details: Frédéric Bardy discovered that Unit...
USN-2188-1: elfutils vulnerability
Florian Weimer discovered that the elfutils libdw library incorrectly handled malformed compressed debug sections in ELF files. If a user or automated system were tricked into processing a specially crafted ELF file, applications linked against libdw could be made to crash, or possibly execute...
USN-2187-1: OpenJDK 7 vulnerabilities
Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452,...
USN-2186-1: Date and Time Indicator vulnerability
It was discovered that the Date and Time Indicator incorrectly allowed Evolution to be opened at the greeter screen. An attacker could use this issue to possibly gain unexpected access to applications such as a web browser with privileges of the greeter user...
USN-2185-1: Firefox vulnerabilities
Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir Vukicevic and Christian Holler discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an...
USN-2184-1: Unity vulnerabilities
Frédéric Bardy discovered that Unity incorrectly filtered keyboard shortcuts when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session. Giovanni Mellini discovered that Unity could display the Dash in certain conditions when the...
USN-2183-1: dpkg vulnerability
Jakub Wilk discovered that dpkg incorrectly handled certain paths and symlinks when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of...
USN-2182-1: QEMU vulnerabilities
Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. This issue only applied to Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2013-4544) Michael S. Tsirkin...
USN-2181-1: Linux kernel (OMAP4) vulnerabilities
A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. (CVE-2014-0049) Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged loc...
USN-2180-1: Linux kernel (OMAP4) vulnerabilities
A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. (CVE-2014-0049) Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged loc...
USN-2179-1: Linux kernel vulnerabilities
A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. (CVE-2014-0049) Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged loc...
USN-2178-1: Linux kernel vulnerabilities
A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. (CVE-2014-0049) Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged loc...
USN-2177-1: Linux kernel (Saucy HWE) vulnerabilities
A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. (CVE-2014-0049) Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged loc...
USN-2176-1: Linux kernel (Raring HWE) vulnerabilities
A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. (CVE-2014-0049) Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged loc...