10927 matches found
USN-1596-1: Python 2.6 vulnerabilities
It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. CVE-2008-5983 It was discovered that the audioop module did not correctly perform...
USN-1595-1: libxslt vulnerabilities
Chris Evans discovered that libxslt incorrectly handled generate-id XPath functions. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could obtain potentially sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10....
USN-1576-2: DBus regressions
USN-1576-1 fixed vulnerabilities in DBus. The update caused a regression for certain services launched from the activation helper, and caused an unclean shutdown on upgrade. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Sebastian Krahmer discovered...
USN-1594-1: Linux kernel (Oneiric backport) vulnerabilities
Vadim Ponomarev discovered a flaw in the Linux kernel causing a reference leak when PID namespaces are used. A remote attacker could exploit this flaw causing a denial of service. CVE-2012-2127 A flaw was found in how the Linux kernel's KVM Kernel-based Virtual Machine subsystem handled MSI Messa...
USN-1593-1: devscripts vulnerabilities
Raphael Geissert discovered that the debdiff.pl tool incorrectly handled shell metacharacters. If a user or automated system were tricked into processing a specially crafted filename, a remote attacher could possibly execute arbitrary code. CVE-2012-0212 Raphael Geissert discovered that the...
USN-1592-1: Python 2.7 vulnerabilities
Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04. CVE-2011-1521 It was...
USN-1591-1: xdiagnose update
Alec Warner discovered that xdiagnose improperly handled temporary files in welcome.py when creating user-initiated archive files. While failsafeX does not use the vulnerable code, this update removes this functionality to protect any 3rd party applications which import the vulnerable code. In th...
USN-1590-1: QEMU vulnerability
It was discovered that QEMU incorrectly handled certain VT100 escape sequences. A guest user with access to an emulated character device could use this flaw to cause QEMU to crash, or possibly execute arbitrary code on the host...
USN-1589-1: GNU C Library vulnerabilities
It was discovered that positional arguments to the printf family of functions were not handled properly in the GNU C Library. An attacker could possibly use this to cause a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. CVE-2012-3404, CVE-2012-3405,...
USN-1588-1: Software Properties vulnerability
It was discovered that the apt-add-repository tool incorrectly validated PPA GPG keys when importing from a keyserver. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to install altered package repository GPG keys...
USN-1551-2: Thunderbird regressions
USN-1551-1 fixed vulnerabilities in Thunderbird. The new package caused a regression in the message editor and certain performance regressions as well. This update fixes the problems. Original advisory details: Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland...
USN-1587-1: libxml2 vulnerability
Juri Aedla discovered that libxml2 incorrectly handled certain memory operations. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the...
USN-1586-1: Emacs vulnerabilities
Hiroshi Oota discovered that Emacs incorrectly handled search paths. If a user were tricked into opening a file with Emacs, a local attacker could execute arbitrary Lisp code with the privileges of the user invoking the program. CVE-2012-0035 Paul Ling discovered that Emacs incorrectly handled...
USN-1585-1: FreeRADIUS vulnerability
Timo Warns discovered that FreeRADIUS incorrectly handled certain long timestamps in client certificates. A remote attacker could exploit this flaw and cause the FreeRADIUS server to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for...
USN-1584-1: Transmission vulnerability
Justin C. Klein Keane discovered that the Transmission web client incorrectly escaped certain strings. If a user were tricked into opening a specially crafted torrent file, an attacker could possibly exploit this to conduct cross-site scripting XSS attacks...
USN-1583-1: Ruby vulnerabilities
It was discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. CVE-2011-1005 John Firebaugh discovered that the RubyGems remote gem fetcher did not properly verify SSL certificates...
USN-1582-1: RubyGems vulnerabilities
John Firebaugh discovered that the RubyGems remote gem fetcher did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to alter gem files being downloaded for installation. CVE-2012-2126 John Firebaugh discovered that the RubyGems remot...
USN-1581-1: Ghostscript vulnerability
Marc Schönefeld discovered that Ghostscript did not correctly handle certain image files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges...
USN-1580-1: Linux kernel (OMAP4) vulnerabilities
Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO TCP segment offload. A local or peer user could exploit this flaw to to cause a denial of service. CVE-2012-3412 Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS...
USN-1579-1: Linux kernel vulnerabilities
Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO TCP segment offload. A local or peer user could exploit this flaw to to cause a denial of service. CVE-2012-3412 Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS...
USN-1578-1: Linux kernel (OMAP4) vulnerabilities
Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO TCP segment offload. A local or peer user could exploit this flaw to to cause a denial of service. CVE-2012-3412 Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS...
USN-1577-1: Linux kernel (OMAP4) vulnerabilities
A flaw was discovered in the Linux kernel's KVM kernel virtual machine. An administrative user in the guest OS could leverage this flaw to cause a denial of service in the host OS. CVE-2012-2121 Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO TCP segme...
USN-1576-1: DBus vulnerability
Sebastian Krahmer discovered that DBus incorrectly handled environment variables when running with elevated privileges. A local attacker could possibly exploit this flaw with a setuid binary and gain root privileges...
USN-1575-1: Linux kernel (Oneiric backport) vulnerabilities
Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO TCP segment offload. A local or peer user could exploit this flaw to to cause a denial of service. CVE-2012-3412 Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS...
USN-1574-1: Linux kernel (Natty backport) vulnerabilities
A flaw was found in how the Linux kernel passed the replacement session keyring to a child process. An unprivileged local user could exploit this flaw to cause a denial of service panic. CVE-2012-2745 Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO TCP...
USN-1573-1: Linux kernel (EC2) vulnerabilities
Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO TCP segment offload. A local or peer user could exploit this flaw to to cause a denial of service. CVE-2012-3412 Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS...
USN-1572-1: Linux kernel vulnerabilities
Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO TCP segment offload. A local or peer user could exploit this flaw to to cause a denial of service. CVE-2012-3412 Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS...
USN-1571-1: DHCP vulnerability
Glen Eustace discovered that the DHCP server incorrectly handled IPv6 expiration times. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service. This issue only affected Ubuntu 11.04, Ubuntu 11.10 and Ubuntu 12.04 LTS. CVE-2012-3955 Dan Rosenberg discovered...
USN-1570-1: GnuPG vulnerability
It was discovered that GnuPG used a short ID when downloading keys from a keyserver, even if a long ID was requested. An attacker could possibly use this to return a different key with a duplicate short key id...
USN-1569-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain character sequences when applying HTTP response-splitting protection. A remote attacker could create a specially-crafted URL and inject arbitrary headers. CVE-2011-1398, CVE-2012-4388 It was discovered that PHP incorrectly handled directories...
USN-1568-1: Linux kernel vulnerabilities
Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO TCP segment offload. A local or peer user could exploit this flaw to to cause a denial of service. CVE-2012-3412 Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS...
USN-1567-1: Linux kernel vulnerabilities
A flaw was found in how the Linux kernel passed the replacement session keyring to a child process. An unprivileged local user could exploit this flaw to cause a denial of service panic. CVE-2012-2745 Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO TCP...
USN-1566-1: Bind vulnerability
It was discovered that Bind incorrectly handled certain specially crafted long resource records. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service...
USN-1565-1: OpenStack Horizon vulnerability
Thomas Biege discovered that the Horizon authentication mechanism did not validate the next parameter. An attacker could use this to construct a link to legitimate OpenStack web dashboard that redirected the user to a malicious website after authentication...
USN-1564-1: OpenStack Keystone vulnerability
Dolph Mathews discovered that when roles are granted and revoked to users in Keystone, pre-existing tokens were not updated or invalidated to take the new roles into account. An attacker could use this to continue to access resources that have been revoked...
USN-1548-2: Firefox regression
USN-1548-1 fixed vulnerabilities in Firefox. The new package caused a regression in Private Browsing which could leak sites visited to the browser cache. This update fixes the problem. Original advisory details: Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherlan...
USN-1563-1: Linux kernel (Oneiric backport) vulnerability
A flaw was found in the Linux kernel's Reliable Datagram Sockets RDS protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. CVE-2012-2372 Mathias Krause discovered an information leak in the Linux kernel's TUN/TAP device driver. A local user could...
USN-1562-1: Linux kernel (Natty backport) vulnerability
Some errors where discovered in the Linux kernel's UDF file system, which is used to mount some CD-ROMs and DVDs. An unprivileged local user could use these flaws to crash the system...
USN-1527-2: XML-RPC for C and C++ vulnerabilities
USN-1527-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Both issues described in the original advisory affected XML-RPC for C and C++ in Ubuntu 10.04 LTS, 11.04, 11.10 and 12.04 LTS. Original advisory details: It was discovered that Exp...
USN-1561-1: ubiquity-slideshow-ubuntu vulnerability
Paul Mutton discovered that ubiquity-slideshow-ubuntu incorrectly handled the Twitter feed displayed during system installation. A remote attacker could use this flaw to inject code into the Twitter feed and read arbitrary files off the filesystem during system installation. This flaw has been...
USN-1560-1: Django vulnerabilities
It was discovered that Django incorrectly validated the scheme of a redirect target. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting XSS attacks. CVE-2012-3442 It was discovered that Django incorrectly handled...
USN-1559-1: GIMP vulnerabilities
Joseph Sheridan discovered that GIMP incorrectly handled certain malformed headers in FIT files. If a user were tricked into opening a specially crafted FIT image file, an attacker could cause GIMP to crash. CVE-2012-3236 Murray McAllister discovered that GIMP incorrectly handled malformed KiSS...
USN-1558-1: Linux kernel (OMAP4) vulnerability
A flaw was found in the Linux kernel's Reliable Datagram Sockets RDS protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. CVE-2012-2372 Mathias Krause discovered an information leak in the Linux kernel's TUN/TAP device driver. A local user could...
USN-1557-1: Linux kernel vulnerability
Some errors where discovered in the Linux kernel's UDF file system, which is used to mount some CD-ROMs and DVDs. An unprivileged local user could use these flaws to crash the system...
USN-1556-1: Linux kernel (EC2) vulnerabilities
Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. CVE-2012-0044 A flaw was found in the Linux kernel's Reliable Datagram Sockets RDS protocol implementation. A local, unprivileged user could use this...
USN-1555-1: Linux kernel vulnerabilities
Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. CVE-2012-0044 A flaw was found in the Linux kernel's Reliable Datagram Sockets RDS protocol implementation. A local, unprivileged user could use this...
USN-1554-1: Linux kernel vulnerability
A flaw was found in the Linux kernel's Reliable Datagram Sockets RDS protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. CVE-2012-2372 Mathias Krause discovered an information leak in the Linux kernel's TUN/TAP device driver. A local user could...
USN-1553-1: OpenJDK 6 vulnerabilities
It was discovered that the Beans component in OpenJDK 6 did not properly prevent access to restricted classes. A remote attacker could use this to create an untrusted Java applet or application that would bypass Java sandbox restrictions. CVE-2012-1682 It was discovered that functionality in the...
USN-1552-1: OpenStack Keystone vulnerabilities
Dolph Mathews discovered that OpenStack Keystone did not properly restrict to administrative users the ability to update users' tenants. A remote attacker that can reach the administrative API can use this to add any user to any tenant. CVE-2012-3542 Derek Higgins discovered that OpenStack Keysto...
USN-1551-1: Thunderbird vulnerabilities
Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted E-Mail, an attacker could...