Lucene search
K
UbuntuRecent

10927 matches found

Ubuntu
Ubuntu
added 2012/04/04 8:49 p.m.68 views

USN-1416-1: tiff vulnerabilities

Alexander Gavrun discovered that the TIFF library incorrectly allocated space for a tile. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of...

6.8CVSS8.3AI score0.06918EPSS
Exploits0
Ubuntu
Ubuntu
added 2012/04/03 5:13 p.m.72 views

USN-1400-4: Thunderbird regressions

USN-1400-3 fixed vulnerabilities in Thunderbird. The new Thunderbird version caused a regression in IMAP connections and mail filtering. This update fixes the problem. Original advisory details: Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links on...

8.8AI score
Exploits0References2
Ubuntu
Ubuntu
added 2012/04/02 4:54 p.m.43 views

USN-1414-1: Aptdaemon vulnerability

It was discovered that Aptdaemon incorrectly handled installing packages without performing a transaction simulation. An attacker could possibly use this flaw to install altered packages...

4.3CVSS5.4AI score0.01211EPSS
Exploits0
Ubuntu
Ubuntu
added 2012/03/29 5:15 p.m.36 views

USN-1197-8: ca-certificates-java regression

USN-1197-7 fixed a vulnerability in ca-certificates-java. The new package broke upgrades from Ubuntu 11.04 to Ubuntu 11.10. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Dutch Certificate Authority DigiNotar had mis-issued...

5.5AI score
Exploits0References1
Ubuntu
Ubuntu
added 2012/03/29 4:16 p.m.56 views

USN-1413-1: Nova vulnerability

Dan Prince discovered that Nova did not properly perform input validation on the length of server names. An authenticated attacker could issue requests using long server names to exhaust the storage resources containing the Nova API log file...

4CVSS5.3AI score0.02073EPSS
Exploits1
Ubuntu
Ubuntu
added 2012/03/29 3:39 p.m.78 views

USN-1412-1: Linux kernel vulnerability

Somnath Kotur discovered an error in the Linux kernel's VLAN virtual lan and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service...

4.6CVSS5.4AI score0.00816EPSS
Exploits0
Ubuntu
Ubuntu
added 2012/03/27 5:21 p.m.39 views

USN-1197-7: ca-certificates-java vulnerability

USN-1197-5 addressed an issue in ca-certificates pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides the corresponding update for ca-certificates-java. Original advisory details: It was discovered that Dutch Certificate Authority...

5.5AI score
Exploits0References1
Ubuntu
Ubuntu
added 2012/03/27 12:21 p.m.71 views

USN-1409-1: Linux kernel (Oneiric backport) vulnerabilities

Somnath Kotur discovered an error in the Linux kernel's VLAN virtual lan and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service. CVE-2011-3347...

4.6CVSS5.4AI score0.00816EPSS
Exploits0
Ubuntu
Ubuntu
added 2012/03/27 12:10 p.m.28 views

USN-1406-1: Linux kernel vulnerabilities

This USN was released in error and has been removed...

5.2AI score
Exploits0
Ubuntu
Ubuntu
added 2012/03/27 11:48 a.m.62 views

USN-1411-1: Linux kernel vulnerability

Louis Rilling discovered a flaw in Linux kernel's clone command when CLONEIO is specified. An unprivileged local user could exploit this to cause a denial of service...

5.5CVSS5.6AI score0.00468EPSS
Exploits1
Ubuntu
Ubuntu
added 2012/03/27 11:42 a.m.53 views

USN-1410-1: Linux kernel (EC2) vulnerability

Louis Rilling discovered a flaw in Linux kernel's clone command when CLONEIO is specified. An unprivileged local user could exploit this to cause a denial of service...

5.5CVSS5.6AI score0.00468EPSS
Exploits1
Ubuntu
Ubuntu
added 2012/03/27 11:31 a.m.66 views

USN-1408-1: Linux kernel (FSL-IMX51) vulnerability

Louis Rilling discovered a flaw in Linux kernel's clone command when CLONEIO is specified. An unprivileged local user could exploit this to cause a denial of service...

5.5CVSS5.6AI score0.00468EPSS
Exploits1
Ubuntu
Ubuntu
added 2012/03/27 10:54 a.m.40 views

USN-1407-1: Linux kernel vulnerabilities

This USN was released in error and has been removed...

5.2AI score
Exploits0
Ubuntu
Ubuntu
added 2012/03/27 10:21 a.m.100 views

USN-1405-1: Linux kernel vulnerabilities

Paolo Bonzini discovered a flaw in Linux's handling of the SGIO ioctl command. A local user, or user in a VM could exploit this flaw to bypass restrictions and gain read/write access to all data on the affected block device. CVE-2011-4127 A flaw was found in the Linux kernel's ext4 file system wh...

7.1CVSS6.4AI score0.02678EPSS
Exploits2
Ubuntu
Ubuntu
added 2012/03/27 9:26 a.m.69 views

USN-1404-1: Linux kernel (OMAP4) vulnerability

Somnath Kotur discovered an error in the Linux kernel's VLAN virtual lan and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service. CVE-2011-3347 A flaw was found in the Linux kernel's ext4 file system when mounting a corrupt filesystem. A...

7.1CVSS7.9AI score0.02678EPSS
Exploits0
Ubuntu
Ubuntu
added 2012/03/23 9:57 a.m.79 views

USN-1401-2: Thunderbird vulnerabilities

USN-1401-1 fixed vulnerabilities in Xulrunner. This update provides the corresponding fixes for Thunderbird. Original advisory details: It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a...

9.3CVSS8.7AI score0.69882EPSS
Exploits11References1
Ubuntu
Ubuntu
added 2012/03/23 3:48 a.m.80 views

USN-1403-1: FreeType vulnerabilities

Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. CVE-2012-1126 Mateusz Jurczyk discovered that FreeType did not correctly handle...

10CVSS5.8AI score0.05637EPSS
Exploits0
Ubuntu
Ubuntu
added 2012/03/22 3:36 p.m.57 views

USN-1402-1: libpng vulnerability

It was discovered that libpng did not properly process compressed chunks. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the progra...

8.8CVSS8.3AI score0.03596EPSS
Exploits0
Ubuntu
Ubuntu
added 2012/03/21 10:47 p.m.80 views

USN-1400-3: Thunderbird vulnerabilities

USN-1400-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Original advisory details: Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site...

9.3CVSS8.8AI score0.0663EPSS
Exploits1References1
Ubuntu
Ubuntu
added 2012/03/19 8:32 a.m.70 views

USN-1401-1: Xulrunner vulnerabilities

It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of...

9.3CVSS8.7AI score0.69882EPSS
Exploits11References1
Ubuntu
Ubuntu
added 2012/03/16 9:8 p.m.86 views

USN-1400-2: ubufox update

USN-1400-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Original advisory details: Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, throug...

8.8AI score
Exploits0References1
Ubuntu
Ubuntu
added 2012/03/16 8:55 p.m.75 views

USN-1400-1: Firefox vulnerabilities

Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting XSS, exploit this to modify the contents or steal confidential data. CVE-2012-0455 Atte Kettunen discovered a use-after-free...

9.3CVSS8.5AI score0.0663EPSS
Exploits1References1
Ubuntu
Ubuntu
added 2012/03/13 1:33 p.m.44 views

USN-1399-2: Light Display Manager vulnerability

Ryan Lortie discovered that a guest session script bundled in the Light Display Manager package improperly cleaned out certain guest session files. A local attacker could use this issue to delete arbitrary files...

2.1CVSS5.5AI score0.00762EPSS
Exploits0
Ubuntu
Ubuntu
added 2012/03/13 1:28 p.m.71 views

USN-1399-1: gdm-guest-session vulnerability

Ryan Lortie discovered that gdm-guest-session improperly cleaned out certain guest session files. A local attacker could use this issue to delete arbitrary files...

2.1CVSS5.4AI score0.00762EPSS
Exploits0
Ubuntu
Ubuntu
added 2012/03/12 10:42 p.m.69 views

USN-1398-1: LTSP Display Manager vulnerability

Tenho Tuhkala discovered that the LTSP Display Manager ldm incorrectly filtered keybindings. An attacker could use the default keybindings to execute arbitrary commands as root at the login screen...

10CVSS5.5AI score0.04836EPSS
Exploits0
Ubuntu
Ubuntu
added 2012/03/12 2:37 p.m.118 views

USN-1397-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to MySQL 5.0.95. In addition to security...

8.5CVSS6.9AI score0.69552EPSS
Exploits23
Ubuntu
Ubuntu
added 2012/03/09 5:58 p.m.74 views

USN-1396-1: GNU C Library vulnerabilities

It was discovered that the GNU C Library did not properly handle integer overflows in the timezone handling code. An attacker could use this to possibly execute arbitrary code by convincing an application to load a maliciously constructed tzfile. CVE-2009-5029 It was discovered that the GNU C...

7.5CVSS7.9AI score0.14323EPSS
Exploits15
Ubuntu
Ubuntu
added 2012/03/08 5:57 p.m.44 views

USN-1395-1: PyPAM vulnerability

Markus Vervier discovered that PyPAM incorrectly handled passwords containing NULL bytes. An attacker could exploit this to cause applications using PyPAM to crash, or possibly execute arbitrary code...

7.5CVSS5.8AI score0.14294EPSS
Exploits6
Ubuntu
Ubuntu
added 2012/03/07 5:12 p.m.81 views

USN-1394-1: linux-ti-omap4 vulnerabilities

Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. CVE-2011-1927 Vegard Nossum discovered a leak in the kernel's inotifyinit system call. A local, unprivileged user could exploit...

7.8CVSS6.7AI score0.02591EPSS
Exploits9
Ubuntu
Ubuntu
added 2012/03/07 4:27 p.m.54 views

USN-1392-1: Linux kernel (FSL-IMX51) vulnerability

Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges...

7.2CVSS5.2AI score0.00403EPSS
Exploits0
Ubuntu
Ubuntu
added 2012/03/07 4:14 p.m.56 views

USN-1391-1: Linux kernel (Marvell DOVE) vulnerability

A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system...

5.5CVSS6.1AI score0.00399EPSS
Exploits1
Ubuntu
Ubuntu
added 2012/03/06 7:31 p.m.77 views

USN-1390-1: Linux kernel vulnerabilities

Dan Rosenberg reported errors in the OSS Open Sound System MIDI interface. A local attacker on non-x86 systems might be able to cause a denial of service. CVE-2011-1476 Dan Rosenberg reported errors in the kernel's OSS Open Sound System driver for Yamaha FM synthesizer chips. A local user can...

7.2CVSS7.7AI score0.00499EPSS
Exploits5
Ubuntu
Ubuntu
added 2012/03/06 7:2 p.m.79 views

USN-1389-1: Linux kernel vulnerabilities

Paolo Bonzini discovered a flaw in Linux's handling of the SGIO ioctl command. A local user, or user in a VM could exploit this flaw to bypass restrictions and gain read/write access to all data on the affected block device. CVE-2011-4127 A flaw was found in KVM's Programmable Interval Timer PIT...

7.1CVSS6.8AI score0.02678EPSS
Exploits5
Ubuntu
Ubuntu
added 2012/03/06 6:38 p.m.84 views

USN-1388-1: Linux kernel (EC2) vulnerabilities

Paolo Bonzini discovered a flaw in Linux's handling of the SGIO ioctl command. A local user, or user in a VM could exploit this flaw to bypass restrictions and gain read/write access to all data on the affected block device. CVE-2011-4127 A flaw was found in KVM's Programmable Interval Timer PIT...

7.1CVSS6.8AI score0.02678EPSS
Exploits5
Ubuntu
Ubuntu
added 2012/03/06 6:25 p.m.76 views

USN-1387-1: Linux kernel (Maverick backport) vulnerabilities

Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. CVE-2011-1927 A flaw was found in the Linux Ethernet bridge's handling of IGMP Internet Group Management Protocol packets. An...

7.8CVSS6.8AI score0.02591EPSS
Exploits8
Ubuntu
Ubuntu
added 2012/03/06 6:0 p.m.91 views

USN-1386-1: Linux kernel (Natty backport) vulnerabilities

The linux kernel did not properly account for PTE pages when deciding which task to kill in out of memory conditions. A local, unprivileged could exploit this flaw to cause a denial of service. CVE-2011-2498 A flaw was discovered in the TOMOYO LSM's handling of mount system calls. An unprivileged...

7.8CVSS7AI score0.20492EPSS
Exploits11
Ubuntu
Ubuntu
added 2012/03/06 4:15 p.m.47 views

USN-1385-1: APT vulnerability

Simon Ruderich discovered that APT incorrectly handled repositories that use InRelease files. The default Ubuntu repositories do not use InRelease files, so this issue only affected third-party repositories. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could...

4.3CVSS5.3AI score0.01335EPSS
Exploits0
Ubuntu
Ubuntu
added 2012/03/06 3:50 p.m.97 views

USN-1384-1: Linux kernel (Oneiric backport) vulnerabilities

A bug was discovered in the Linux kernel's calculation of OOM Out of memory scores, that would result in the wrong process being killed. A user could use this to kill the process with the highest OOM score, even if that process belongs to another user or the system. CVE-2011-4097 Paolo Bonzini...

7.8CVSS6.8AI score0.20492EPSS
Exploits13
Ubuntu
Ubuntu
added 2012/03/06 2:52 p.m.69 views

USN-1383-1: Linux kernel (OMAP4) vulnerabilities

Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. CVE-2011-1927 Dan Rosenberg reported an error in the old ABI compatibility layer of ARM kernels. A local attacker could exploit...

7.2CVSS5.7AI score0.02591EPSS
Exploits6
Ubuntu
Ubuntu
added 2012/03/05 2:6 p.m.30 views

USN-1382-1: Light Display Manager vulnerability

Austin Clements discovered that Light Display Manager incorrectly leaked file descriptors to child processes. A local attacker can use this to bypass intended permissions and write to the log file, cause a denial of service, or possibly have another unknown impact...

5.6AI score
Exploits0References1
Ubuntu
Ubuntu
added 2012/03/01 3:35 p.m.26 views

USN-1381-1: Ubuntu One Couch vulnerability

It was discovered that Ubuntu One Couch did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information...

5.5AI score
Exploits0References1
Ubuntu
Ubuntu
added 2012/03/01 9:7 a.m.76 views

USN-1373-2: OpenJDK 6 (ARM) vulnerabilities

USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM armel. This provides the corresponding OpenJDK 6 update for use with the ARM armel architecture in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Original adviso...

10CVSS8.2AI score0.98113EPSS
Exploits19
Ubuntu
Ubuntu
added 2012/02/29 1:15 a.m.97 views

USN-1380-1: Linux kernel vulnerabilities

A flaw was discovered in the TOMOYO LSM's handling of mount system calls. An unprivileged user could oops the system causing a denial of service. CVE-2011-2518 A bug was discovered in the Linux kernel's calculation of OOM Out of memory scores, that would result in the wrong process being killed. ...

7.8CVSS6.4AI score0.20492EPSS
Exploits8
Ubuntu
Ubuntu
added 2012/02/28 11:48 p.m.57 views

USN-1379-1: Linux kernel vulnerabilities

Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. CVE-2011-1927 A flaw was found in the Linux Ethernet bridge's handling of IGMP Internet Group Management Protocol packets. An...

5CVSS5.3AI score0.02591EPSS
Exploits5
Ubuntu
Ubuntu
added 2012/02/28 4:31 p.m.72 views

USN-1378-1: PostgreSQL vulnerabilities

It was discovered that PostgreSQL incorrectly checked permissions on functions called by a trigger. An attacker could attach a trigger to a table they owned and possibly escalate privileges. CVE-2012-0866 It was discovered that PostgreSQL incorrectly truncated SSL certificate name checks to 32...

6.8CVSS7.8AI score0.03625EPSS
Exploits1
Ubuntu
Ubuntu
added 2012/02/28 3:33 a.m.64 views

USN-1377-1: Ruby vulnerabilities

Drew Yao discovered that the WEBrick HTTP server was vulnerable to cross-site scripting attacks when displaying error pages. A remote attacker could use this flaw to run arbitrary web script. CVE-2010-0541 Drew Yao discovered that Ruby's BigDecimal module did not properly allocate memory on 64-bi...

7.8CVSS7.1AI score0.04246EPSS
Exploits5
Ubuntu
Ubuntu
added 2012/02/27 11:46 p.m.62 views

USN-1376-1: libxml2 vulnerability

Juraj Somorovsky discovered that libxml2 was vulnerable to hash table collisions. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause a denial of service...

5CVSS8.2AI score0.0326EPSS
Exploits0
Ubuntu
Ubuntu
added 2012/02/27 1:29 p.m.49 views

USN-1375-1: httplib2 vulnerability

The httplib2 Python library earlier than version 0.7.0 did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information in...

5.4AI score
Exploits0References1
Ubuntu
Ubuntu
added 2012/02/24 3:6 p.m.63 views

USN-1374-1: Samba vulnerability

Andy Davis discovered that Samba incorrectly handled certain AndX offsets. A remote attacker could send a specially crafted request to the server and cause a denial of service, or possibly execute arbitrary code...

7.9CVSS7.7AI score0.06499EPSS
Exploits1
Ubuntu
Ubuntu
added 2012/02/24 10:35 a.m.90 views

USN-1373-1: OpenJDK 6 vulnerabilities

It was discovered that the Java HttpServer class did not limit the number of headers read from a HTTP request. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. CVE-2011-5035 ATTENTION: this update changes previous Java...

10CVSS8.2AI score0.98113EPSS
Exploits19
Total number of security vulnerabilities10927