10832 matches found
USN-1832-1: LibTIFF vulnerabilities
Emmanuel Bouillon discovered that LibTIFF incorrectly handled certain malformed images when using the tiff2pdf tool. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly...
USN-1831-1: OpenStack Nova vulnerability
Loganathan Parthipan discovered that Nova did not verify the size of QCOW2 instance storage. An authenticated attacker could exploit this to cause a denial of service by creating an image with a large virtual size with little data, then filling the virtual disk...
USN-1830-1: OpenStack Keystone vulnerability
Sam Stoelinga discovered that Keystone would not immediately invalidate tokens when deleting users via the v2 API. A deleted user would be able to continue to use resources until the token lifetime expired...
USN-1829-1: Linux kernel (EC2) vulnerabilities
Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. CVE-2012-6549 Mathias Krause discovered a flaw in xfrmuser in the Linux kernel. A local attacker with NETADMIN...
USN-1828-1: Linux kernel (Quantal HWE) vulnerability
An flaw was discovered in the Linux kernel's perfevents interface. A local user could exploit this flaw to escalate privileges on the system...
USN-1827-1: Linux kernel vulnerability
An flaw was discovered in the Linux kernel's perfevents interface. A local user could exploit this flaw to escalate privileges on the system...
USN-1826-1: Linux kernel vulnerability
An flaw was discovered in the Linux kernel's perfevents interface. A local user could exploit this flaw to escalate privileges on the system...
USN-1825-1: Linux kernel vulnerability
An flaw was discovered in the Linux kernel's perfevents interface. A local user could exploit this flaw to escalate privileges on the system...
USN-1824-1: Linux kernel vulnerabilities
Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. CVE-2012-6549 Mathias Krause discovered a flaw in xfrmuser in the Linux kernel. A local attacker with NETADMIN...
USN-1823-1: Thunderbird vulnerabilities
Multiple memory safety issues were discovered in Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of t...
USN-1822-1: Firefox vulnerabilities
Multiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox...
USN-1821-1: telepathy-idle vulnerability
It was discovered that telepathy-idle did not perform any server certificate validation when using SSL connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information...
USN-1820-1: gpsd vulnerability
It was discovered that gpsd incorrectly handled certain malformed GPS data. An attacker could use this issue to cause gpsd to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-1819-1: OpenJDK 6 vulnerabilities
Ben Murphy discovered a vulnerability in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to execute arbitrary code. CVE-2013-0401 James Forshaw discovered a vulnerability in the OpenJDK JRE related to information disclosure, data integrity and...
USN-1818-1: Mesa vulnerability
It was discovered that Mesa incorrectly handled certain arrays. An attacker could use this issue to cause Mesa to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-1817-1: libxml2 vulnerability
It was discovered that libxml2 incorrectly handled memory management when parsing certain XML files. An attacker could use this flaw to cause libxml2 to crash, resulting in a denial of service, or to possibly execute arbitrary code...
USN-1816-1: ClamAV vulnerabilities
It was discovered that ClamAV would incorrectly parse a UPX-packed executable, leading to possible inappropriate heap reads. An attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2013-2020 It was discovered that ClamAV...
USN-1815-1: Linux kernel vulnerabilities
Andy Lutomirski discover an error in the Linux kernel's credential handling on unix sockets. A local user could exploit this flaw to gain administrative privileges. CVE-2013-1979 Andy Lutomirski discovered a privilege escalation in the Linux kernel's user namespaces. A local user could exploit th...
USN-1814-1: Linux kernel (OMAP4) vulnerabilities
Mathias Krause discovered an information leak in the Linux kernel's UDF file system implementation. A local user could exploit this flaw to examine some of the kernel's heap memory. CVE-2012-6548 Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver...
USN-1813-1: Linux kernel vulnerabilities
Mathias Krause discovered an information leak in the Linux kernel's UDF file system implementation. A local user could exploit this flaw to examine some of the kernel's heap memory. CVE-2012-6548 Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver...
USN-1812-1: Linux kernel (Quantal HWE) vulnerabilities
Mathias Krause discovered an information leak in the Linux kernel's UDF file system implementation. A local user could exploit this flaw to examine some of the kernel's heap memory. CVE-2012-6548 Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver...
USN-1811-1: Linux kernel (OMAP4) vulnerabilities
Mathias Krause discovered an information leak in the Linux kernel's UDF file system implementation. A local user could exploit this flaw to examine some of the kernel's heap memory. CVE-2012-6548 Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver...
USN-1809-1: Linux kernel vulnerabilities
Mathias Krause discovered an information leak in the Linux kernel's UDF file system implementation. A local user could exploit this flaw to examine some of the kernel's heap memory. CVE-2012-6548 Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver...
USN-1807-2: MySQL vulnerabilities
USN-1807-1 fixed vulnerabilities in MySQL. This update provides MySQL 5.5.31 for Ubuntu 13.04. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.69 in Ubuntu 10.04 LT...
USN-1808-1: Linux kernel (EC2) vulnerabilities
Mathias Krause discovered an information leak in the Linux kernel's getsockname implementation for Logical Link Layer llc sockets. A local user could exploit this flaw to examine some of the kernel's stack memory. CVE-2012-6542 Mathias Krause discovered information leaks in the Linux kernel's...
USN-1807-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.69 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.31. In addition to security fixes, th...
USN-1804-2: IcedTea-Web regression
USN-1804-1 fixed vulnerabilities in IcedTea-Web. This update introduced a regression with the Java Network Launching Protocol JNLP when fetching content over SSL under certain configurations, such as when using the community-supported IcedTead 7 browser plugin. This update fixes the problem. We...
USN-1806-1: OpenJDK 7 vulnerabilities
Ben Murphy discovered a vulnerability in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to execute arbitrary code. CVE-2013-0401 James Forshaw discovered a vulnerability in the OpenJDK JRE related to information disclosure, data integrity and...
USN-1805-1: Linux kernel vulnerabilities
Mathias Krause discovered an information leak in the Linux kernel's getsockname implementation for Logical Link Layer llc sockets. A local user could exploit this flaw to examine some of the kernel's stack memory. CVE-2012-6542 Mathias Krause discovered information leaks in the Linux kernel's...
USN-1804-1: IcedTea-Web vulnerabilities
Jiri Vanek discovered that IcedTea-Web would use the same classloader for applets from different domains. A remote attacker could exploit this to expose sensitive information or potentially manipulate applets from other domains. CVE-2013-1926 It was discovered that IcedTea-Web did not properly...
USN-1803-1: X.Org X server vulnerability
It was discovered that the X.Org X server did not properly clear input events in certain circumstances. A local attacker with physical access could use this flaw to capture keystrokes...
USN-1802-1: Samba vulnerability
It was discovered that Samba incorrectly handled CIFS share attributes when SMB2 was used. A remote authenticated user could possibly gain write access to certain shares, bypassing the intended permissions...
USN-1801-1: curl vulnerability
YAMADA Yasuharu discovered that libcurl was vulnerable to a cookie leak when doing requests across domains with matching tails. curl did not properly restrict cookies to domains and subdomains. If a user or automated system were tricked into processing a specially crafted URL, an attacker could...
USN-1800-1: HAProxy vulnerabilities
It was discovered that HAProxy incorrectly handled configurations where global.tune.bufsize was set to a value higher than the default. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. CVE-2012-2942 Yves Lafon discovered that HAProxy...
USN-1799-1: NVIDIA graphics drivers vulnerability
It was discovered that the NVIDIA graphics drivers incorrectly handled large ARGB cursors. A local attacker could use this issue to gain root privileges. The NVIDIA graphics drivers have been updated to 304.88 to fix this issue. In addition to the security fix, the updated packages contain bug...
USN-1798-1: Linux kernel (EC2) vulnerabilities
Mathias Krause discovered several errors in the Linux kernel's xfrmuser implementation. A local attacker could exploit these flaws to examine parts of kernel memory. CVE-2012-6537 Mathias Krause discovered information leak in the Linux kernel's compat ioctl interface. A local user could exploit t...
USN-1797-1: Linux kernel (OMAP4) vulnerabilities
Andrew Jones discovered a flaw with the xeniret function in Linux kernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service crash the system or gain guest OS privilege. CVE-2013-0228 Emese Revfy discovered...
USN-1796-1: Linux kernel vulnerabilities
Andrew Jones discovered a flaw with the xeniret function in Linux kernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service crash the system or gain guest OS privilege. CVE-2013-0228 Emese Revfy discovered...
USN-1795-1: Linux kernel (Quantal HWE) vulnerabilities
Andrew Jones discovered a flaw with the xeniret function in Linux kernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service crash the system or gain guest OS privilege. CVE-2013-0228 Emese Revfy discovered...
USN-1794-1: Linux kernel (OMAP4) vulnerabilities
Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to by pass ASLR Address Space Layout Randomization. A local user could use this flaw to by pass ASLR to reliably deliver an exploit payload that would otherwise be...
USN-1793-1: Linux kernel vulnerabilities
Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to by pass ASLR Address Space Layout Randomization. A local user could use this flaw to by pass ASLR to reliably deliver an exploit payload that would otherwise be...
USN-1792-1: Linux kernel vulnerabilities
Mathias Krause discovered several errors in the Linux kernel's xfrmuser implementation. A local attacker could exploit these flaws to examine parts of kernel memory. CVE-2012-6537 Mathias Krause discovered information leak in the Linux kernel's compat ioctl interface. A local user could exploit t...
USN-1791-1: Thunderbird vulnerabilities
Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic and Joe Drew discovered multiple memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a...
USN-1786-2: Unity Firefox Extension update
USN-1786-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Unity Firefox Extension. Original advisory details: Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, Joe Drew, Andrew McCreight, Randell Jesup, Gary Kwong and Mats Palmgren...
USN-1790-1: Libav vulnerabilities
It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program...
USN-1786-1: Firefox vulnerabilities
Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, Joe Drew, Andrew McCreight, Randell Jesup, Gary Kwong and Mats Palmgren discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could...
USN-1789-1: PostgreSQL vulnerabilities
Mitsumasa Kondo and Kyotaro Horiguchi discovered that PostgreSQL incorrectly handled certain connection requests containing database names starting with a dash. A remote attacker could use this flaw to damage or destroy files within a server's data directory. This issue only applied to Ubuntu...
USN-1788-1: Linux kernel (Oneiric backport) vulnerabilities
Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to bypass ASLR Address Space Layout Randomization. A local user could use this flaw to bypass ASLR to reliably deliver an exploit payload that would otherwise be stopp...
USN-1787-1: Linux kernel vulnerabilities
Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to by pass ASLR Address Space Layout Randomization. A local user could use this flaw to by pass ASLR to reliably deliver an exploit payload that would otherwise be...
USN-1785-1: poppler vulnerabilities
It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking t...