10832 matches found
USN-1739-1: Linux kernel vulnerability
Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator...
USN-1738-1: Linux kernel (Oneiric backport) vulnerability
Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator...
USN-1737-1: Linux kernel (EC2) vulnerability
Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator...
USN-1736-1: Linux kernel vulnerability
Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator...
USN-1735-1: OpenJDK vulnerabilities
Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenJDK was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. CVE-2013-0169 A...
USN-1734-1: OpenStack Nova vulnerability
Joshua Harlow discovered that Nova would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Nova API to cause a denial of service via resource exhaustion. CVE-2013-1664...
USN-1733-1: Ruby vulnerabilities
Jean-Philippe Aumasson discovered that Ruby incorrectly generated predictable hash values. An attacker could use this issue to generate hash collisions and cause a denial of service. CVE-2012-5371 Evgeny Ermakov discovered that documentation generated by rdoc is vulnerable to a cross-site scripti...
USN-1732-1: OpenSSL vulnerabilities
Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10...
USN-1731-1: OpenStack Cinder vulnerability
Stuart Stent discovered that Cinder would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Cinder API to cause a denial of service via resource exhaustion. CVE-2013-1664...
USN-1730-1: OpenStack Keystone vulnerabilities
Nathanael Burton discovered that Keystone did not properly verify disabled users. An authenticated but disabled user would continue to have access rights that were removed. CVE-2013-0282 Jonathan Murray discovered that Keystone would allow XML entity processing. A remote unauthenticated attacker...
USN-1729-1: Firefox vulnerabilities
Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, Alon Zakai, Christian Holler, Gary Kwong, Luke Wagner, Terrence Cole, Timothy Nikkel, Bill McCloskey, and Nicolas Pierron discovered multiple memory safety issues affecting Firefox. If the user were...
USN-1728-1: Linux kernel (EC2) vulnerability
Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously...
USN-1727-1: Boost vulnerability
It was discovered that the Boost.Locale library incorrectly validated some invalid UTF-8 sequences. An attacker could possibly use this issue to bypass input validation in certain applications...
USN-1726-1: Linux kernel (OMAP4) vulnerabilities
It was discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating the origin on Netlink messages. An untrusted local user can cause a denial of service of Linux guests in Hyper-V virtualization environments. CVE-2012-2669 Dmitry Monakhov reported a race...
USN-1725-1: Linux kernel vulnerability
Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously...
USN-1724-1: OpenJDK vulnerabilities
Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. CVE-2012-1541, CVE-2012-3342, CVE-2013-0351, CVE-2013-0419, CVE-2013-0423, CVE-2013-0446, CVE-2012-3213, CVE-2013-0425,...
USN-1723-1: Qt vulnerabilities
Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting requests from http to file schemes. If an attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS, a...
USN-1722-1: jQuery vulnerability
It was discovered that jQuery incorrectly handled selecting elements using location.hash, resulting in a possible cross-site scripting XSS issue. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify...
USN-1721-1: curl vulnerability
It was discovered that curl incorrectly handled SASL authentication when communicating over POP3, SMTP or IMAP. If a user or automated system were tricked into processing a specially crafted URL, an attacker could cause a denial of service, or possibly execute arbitrary code. The default compiler...
USN-1720-1: Linux kernel vulnerabilities
It was discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating the origin on Netlink messages. An untrusted local user can cause a denial of service of Linux guests in Hyper-V virtualization environments. CVE-2012-2669 Dmitry Monakhov reported a race...
USN-1719-1: Linux kernel (Oneiric backport) vulnerabilities
It was discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating the origin on Netlink messages. An untrusted local user can cause a denial of service of Linux guests in Hyper-V virtualization environments. CVE-2012-2669 Dmitry Monakhov reported a race...
USN-1717-1: PostgreSQL vulnerability
Sumit Soni discovered that PostgreSQL incorrectly handled calling a certain internal function with invalid arguments. An authenticated attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service...
USN-1716-1: gnome-screensaver vulnerability
It was discovered that gnome-screensaver did not start automatically after logging in. This may result in the screen not being automatically locked after the inactivity timeout is reached, permitting an attacker with physical access to gain access to an unlocked session...
USN-1681-4: Firefox regression
USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, Firefox suffered from instabilities when accessing some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki...
USN-1715-1: OpenStack Keystone vulnerability
Dan Prince discovered that Keystone did not properly perform input validation when handling certain error conditions. An unauthenticated user could exploit this to cause a denial of service in Keystone API servers via disk space exhaustion...
USN-1714-1: QXL graphics driver vulnerability
It was discovered that the QXL graphics driver incorrectly handled terminated connections. An attacker that could connect to a guest using SPICE and the QXL graphics driver could cause the guest to hang or crash, resulting in a denial of service...
USN-1704-2: Linux kernel (Quantal HWE) regression
USN-1704-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Brad Spengler discovered a flaw in the Linux kernel's uname system...
USN-1698-2: Linux kernel (OMAP4) regression
USN-1698-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw was discovered in the Linux kernel's handling of script...
USN-1696-2: Linux kernel regression
USN-1696-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jon Howell reported a flaw in the Linux kernel's KVM Kernel-based...
USN-1700-2: Linux kernel (OMAP4) regression
USN-1700-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw was discovered in the Linux kernel's handling of script...
USN-1699-2: Linux kernel regression
USN-1699-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jon Howell reported a flaw in the Linux kernel's KVM Kernel-based...
USN-1713-1: Squid vulnerabilities
It was discovered that squid's cachemgr.cgi was vulnerable to excessive resource use. A remote attacker could exploit this flaw to perform a denial of service attack on the server and other hosted services. CVE-2012-5643 It was discovered that the patch for CVE-2012-5643 was incorrect. A remote...
USN-1712-1: Inkscape vulnerabilities
It was discoverd that Inkscape incorrectly handled XML external entities in SVG files. If a user were tricked into opening a specially-crafted SVG file, Inkscape could possibly include external files in drawings, resulting in information disclosure. CVE-2012-5656 It was discovered that Inkscape...
USN-1710-1: OpenStack Glance vulnerability
Dan Prince discovered an issue in Glance error reporting. An authenticated attacker could exploit this to expose the Glance operator's Swift credentials for a misconfigured or otherwise unusable Swift endpoint...
USN-1709-1: OpenStack Nova vulnerability
Phil Day discovered that nova-volume did not validate access to volumes. An authenticated attacker could exploit this to bypass intended access controls and boot from arbitrary volumes...
USN-1708-1: libvirt vulnerabilities
Wenlong Huang discovered that libvirt incorrectly handled certain RPC calls. A remote attacker could exploit this and cause libvirt to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. CVE-2012-4423 Tingting Zheng discovered that libvirt incorrectly handled clean...
USN-1707-1: libssh vulnerability
Yong Chuan Koh discovered that libssh incorrectly handled certain negotiation requests. A remote attacker could use this to cause libssh to crash, resulting in a denial of service...
USN-1706-1: FFmpeg vulnerabilities
It was discovered that FFmpeg incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program...
USN-1705-1: Libav vulnerabilities
It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program...
USN-1681-3: Firefox regression
USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, some translations became unusable after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill...
USN-1704-1: Linux kernel (Quantal HWE) vulnerabilities
Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. CVE-2012-0957 Jon Howell reported a flaw in the Linux kernel's KVM Kernel-based virtual machine subsystem's handling of the XSAVE feature. On hosts,...
USN-1703-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.67 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.29. In addition to security fixes, th...
USN-1702-1: PHP vulnerability
It was discovered that PHP incorrectly handled the opensslencrypt function when used with an empty string. An attacker could use this flaw to cause PHP to disclose arbitrary memory contents and possibly expose sensitive information...
USN-1701-1: Vino vulnerability
It was discovered that Vino incorrectly transmitted clipboard activity before authenticating the remote connection. A remote attacker could connect to Vino and monitor clipboard activity...
USN-1700-1: Linux kernel (OMAP4) vulnerabilities
A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. CVE-2012-4530 Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not...
USN-1699-1: Linux kernel vulnerabilities
Jon Howell reported a flaw in the Linux kernel's KVM Kernel-based virtual machine subsystem's handling of the XSAVE feature. On hosts, using qemu userspace, without the XSAVE feature an unprivileged local attacker could exploit this flaw to crash the system. CVE-2012-4461 A flaw was discovered in...
USN-1698-1: Linux kernel (OMAP4) vulnerabilities
A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. CVE-2012-4530 Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not...
USN-1696-1: Linux kernel vulnerabilities
Jon Howell reported a flaw in the Linux kernel's KVM Kernel-based virtual machine subsystem's handling of the XSAVE feature. On hosts, using qemu userspace, without the XSAVE feature an unprivileged local attacker could exploit this flaw to crash the system. CVE-2012-4461 A flaw was discovered in...
USN-1695-1: RPM vulnerabilities
It was discovered that RPM incorrectly handled certain package headers. If a user or automated system were tricked into installing a specially crafted RPM package, an attacker could cause RPM to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-1694-1: RPM vulnerability
It was discovered that RPM incorrectly handled signature checking. An attacker could create a specially-crafted rpm with an invalid signature which could pass the signature validation check...