USN-2128-1: Linux kernel vulnerabilities

An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. CVE-2013-0160 Vasily Kulikov reported a flaw in the...

USN-2127-1: GnuTLS vulnerability

Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly handled certificate verification functions. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited with specially crafted certificates to view sensitive information...

USN-2126-1: PHP vulnerabilities

Bernd Melchers discovered that PHP's embedded libmagic library incorrectly handled indirect offset values. An attacker could use this issue to cause PHP to consume resources or crash, resulting in a denial of service. CVE-2014-1943 It was discovered that PHP incorrectly handled certain values whe...

USN-2125-1: Python vulnerability

Ryan Smith-Roberts discovered that Python incorrectly handled buffer sizes when using the socket.recvfrominto function. An attacker could possibly use this issue to cause Python to crash, resulting in denial of service, or possibly execute arbitrary code...

USN-2124-1: OpenJDK 6 vulnerabilities

A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. CVE-2014-0411 Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data...

USN-2123-1: file vulnerabilities

It was discovered that file incorrectly handled Composite Document files. An attacker could use this issue to cause file to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. CVE-2012-1571 Bernd Melchers discovered that file incorrectly handle...

USN-2122-1: FreeRADIUS vulnerabilities

It was discovered that FreeRADIUS incorrectly handled unix authentication. A remote user could successfully authenticate with an expired password. CVE-2011-4966 Pierre Carrier discovered that FreeRADIUS incorrectly handled rlmpap hash processing. An authenticated user could use this issue to caus...

USN-2121-1: GnuTLS vulnerability

Suman Jana discovered that GnuTLS incorrectly handled version 1 intermediate certificates. This resulted in them being considered to be a valid CA certificate by default, which was contrary to documented behaviour...

USN-2120-1: PostgreSQL vulnerabilities

Noah Misch and Jonas Sundman discovered that PostgreSQL did not correctly enforce ADMIN OPTION restrictions. An authenticated attacker could use this issue to possibly revoke access from others, contrary to expected permissions. CVE-2014-0060 Andres Freund discovered that PostgreSQL incorrectly...

USN-2102-2: Firefox regression

USN-2102-1 fixed vulnerabilities in Firefox. The update introduced a regression which could make Firefox crash under some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric...

USN-2119-1: Thunderbird vulnerabilities

Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen and Sotaro Ikeda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker...

USN-2117-1: Linux kernel vulnerabilities

Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload UFI in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service panic. CVE-2013-4563 Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker...

USN-2116-1: Linux kernel (OMAP4) vulnerabilities

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. CVE-2013-2929 A flaw in the handling of memory regions of the kernel virtual machine KVM subsystem was discovered. ...

USN-2115-1: Linux kernel (OMAP4) vulnerabilities

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. CVE-2013-2929 A flaw in the handling of memory regions of the kernel virtual machine KVM subsystem was discovered. ...

USN-2114-1: Linux kernel vulnerabilities

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. CVE-2013-2929 A flaw in the handling of memory regions of the kernel virtual machine KVM subsystem was discovered. ...

USN-2113-1: Linux kernel (Saucy HWE) vulnerabilities

Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload UFI in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service panic. CVE-2013-4563 Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker...

USN-2112-1: Linux kernel (Raring HWE) vulnerabilities

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. CVE-2013-2929 Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows...

USN-2111-1: Linux kernel (Quantal HWE) vulnerabilities

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. CVE-2013-2929 A flaw in the handling of memory regions of the kernel virtual machine KVM subsystem was discovered. ...

USN-2110-1: Linux kernel (OMAP4) vulnerabilities

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. CVE-2013-2929 Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw...

USN-2109-1: Linux kernel vulnerabilities

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. CVE-2013-2929 Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw...

USN-2108-1: Linux kernel (EC2) vulnerabilities

A flaw was discovered in the Linux kernel's compat ioctls for Adaptec AACRAID scsi raid devices. An unprivileged local user could send administrative commands to these devices potentially compromising the data stored on the device. CVE-2013-6383 mpd reported an information leak in the recvfrom,...

USN-2107-1: Linux kernel vulnerabilities

A flaw was discovered in the Linux kernel's compat ioctls for Adaptec AACRAID scsi raid devices. An unprivileged local user could send administrative commands to these devices potentially compromising the data stored on the device. CVE-2013-6383 mpd reported an information leak in the recvfrom,...

USN-2105-1: MAAS vulnerabilities

James Troup discovered that MAAS stored RabbitMQ authentication credentials in a world-readable file. A local authenticated user could read this password and potentially gain privileges of other user accounts. This update restricts the file permissions to prevent unintended access. CVE-2013-1069...

USN-2098-2: LibYAML regression

USN-2098-1 fixed a vulnerability in LibYAML. The security fix used introduced a regression that caused parsing failures for certain valid YAML files. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Florian Weimer discovered that LibYAML incorrectly...

USN-2104-1: LXC vulnerability

Florian Sagar discovered that the LXC sshd template set incorrect mount permissions. An attacker could possibly use this flaw to cause privilege escalation on the host...

USN-2103-1: Libav vulnerabilities

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program...

USN-2102-1: Firefox vulnerabilities

Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Carsten Book, Andrew Sutherland, Byron Campen, Nicholas Nethercote, Paul Adenot, David Baron, Julian Seward and Sotaro Ikeda discovered multiple memory safety issues in Firefox...

USN-2101-1: libgadu vulnerability

Yves Younan and Ryan Pentney discovered that libgadu incorrectly handled certain Gadu-Gadu HTTP messages. A malicious remote server or a machine-in-the-middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, or possibly execute arbitrary code...

USN-2100-1: Pidgin vulnerabilities

Thijs Alkemade and Robert Vehse discovered that Pidgin incorrectly handled the Yahoo! protocol. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. CVE-2012-6152 Jaime Breva Ribes discovered that Pidgin incorrectly handled the XMPP protocol. A remote...

USN-2099-1: Perl vulnerability

It was discovered that Perl's Locale::Maketext module incorrectly handled backslashes and fully qualified method names. An attacker could possibly use this flaw to execute arbitrary code when an application used untrusted templates...

USN-2098-1: LibYAML vulnerability

Florian Weimer discovered that LibYAML incorrectly handled certain large yaml documents. An attacker could use this issue to cause LibYAML to crash, resulting in a denial of service, or possibly execute arbitrary code...

USN-2097-1: curl vulnerability

Paras Sethia and Yehezkel Horowitz discovered that libcurl incorrectly reused connections when NTLM authentication was being used. This could lead to the use of unintended credentials, possibly exposing sensitive information...

USN-2096-1: Linux kernel vulnerability

Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service system crash or gain administrator privileges...

USN-2095-1: Linux kernel (Saucy HWE) vulnerability

Pageexec reported a bug in the Linux kernel's recvmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service system crash or gain administrator privileges...

USN-2094-1: Linux kernel (Raring HWE) vulnerability

Pageexec reported a bug in the Linux kernel's recvmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service system crash or gain administrator privileges...

USN-2093-1: libvirt vulnerabilities

Martin Kletzander discovered that libvirt incorrectly handled reading memory tunables from LXC guests. A local user could possibly use this flaw to cause libvirtd to crash, resulting in a denial of service. This issue only affected Ubuntu 13.10. CVE-2013-6436 Dario Faggioli discovered that libvir...

USN-2092-1: QEMU vulnerabilities

Asias He discovered that QEMU incorrectly handled SCSI controllers with more than 256 attached devices. A local user could possibly use this flaw to elevate privileges. CVE-2013-4344 It was discovered that QEMU incorrectly handled Xen disks. A local guest could possibly use this flaw to consume...

USN-2091-1: OTR vulnerabilities

This update disables the OTR v1 protocol to prevent protocol downgrade attacks...

USN-2090-1: Munin vulnerabilities

Christoph Biedl discovered that Munin incorrectly handled certain multigraph data. A remote attacker could use this issue to cause Munin to consume resources, resulting in a denial of service. CVE-2013-6048 Christoph Biedl discovered that Munin incorrectly handled certain multigraph service names...

USN-2089-1: OpenJDK 7 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. CVE-2013-3829, CVE-2013-5783, CVE-2013-5804, CVE-2014-0411 Several vulnerabilities were discovered in the...

USN-2088-1: NSS vulnerability

Brian Smith discovered that NSS incorrectly handled the TLS False Start feature. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to spoof SSL servers...

USN-2087-1: NSPR vulnerability

It was discovered that NSPR incorrectly handled certain malformed X.509 certificates. A remote attacker could use a crafted X.509 certificate to cause NSPR to crash, leading to a denial of service, or possibly execute arbitrary code...

USN-2086-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.73 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.10 have been updated to MySQL 5.5.35. In addition to security fixes, the...

USN-2085-1: HPLIP vulnerabilities

It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu 12.04 LTS and higher, this should be prevented by the Yama link restrictions. CVE-2013-6402 It was...

USN-2084-1: devscripts vulnerability

It was discovered that the uscan tool incorrectly repacked archive files. If a user or automated system were tricked into processing specially crafted files, a remote attacker could possibly execute arbitrary code...

USN-2083-1: Graphviz vulnerabilities

It was discovered that Graphviz incorrectly handled memory in the yyerror function. If a user were tricked into opening a specially crafted dot file, an attacker could cause Graphviz to crash, or possibly execute arbitrary code. CVE-2014-0978, CVE-2014-1235 It was discovered that Graphviz...

USN-2082-1: CUPS vulnerability

Jann Horn discovered that the CUPS lppasswd tool incorrectly read a user configuration file in certain configurations. A local attacker could use this to read sensitive information from certain files, bypassing access restrictions...

USN-2081-1: Bind vulnerability

Jared Mauch discovered that Bind incorrectly handled certain queries for NSEC3-signed zones. A remote attacker could use this flaw with a specially crafted query to cause Bind to stop responding, resulting in a denial of service...

USN-2080-1: Memcached vulnerabilities

Stefan Bucur discovered that Memcached incorrectly handled certain large body lengths. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service. CVE-2011-4971 Jeremy Sowden discovered that Memcached incorrectly handled logging certain details when the -...

USN-2079-1: OpenSSL vulnerabilities

Anton Johansson discovered that OpenSSL incorrectly handled certain invalid TLS handshakes. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. CVE-2013-4353 Ron Barber discovered that OpenSSL used an incorrect data structure to obtain a version...