10832 matches found
USN-1015-1: libvpx vulnerability
Christoph Diehl discovered that libvpx did not properly perform bounds checking. If an application using libvpx opened a specially crafted WebM file, an attacker could cause a denial of service or possibly execute code as the user invoking the program...
USN-1008-4: libvirt regression
USN-1008-1 fixed vulnerabilities in libvirt. The upstream fixes for CVE-2010-2238 changed the behavior of libvirt such that the domain XML could not specify 'hostdevice' as the qemu sub-type. While libvirt 0.8.3 and later will longer support specifying this sub-type, this update restores the old...
USN-1014-1: Pidgin vulnerabilities
Pierre Noguès discovered that Pidgin incorrectly handled malformed SLP messages in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS...
USN-1013-1: FreeType vulnerabilities
Marc Schoenefeld discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubunt...
USN-1012-1: CUPS vulnerability
Emmanuel Bouillon discovered that CUPS did not properly handle certain Internet Printing Protocol IPP packets. A remote attacker could use this flaw to cause a denial of service or possibly execute arbitrary code. In the default installation in Ubuntu 8.04 LTS and later, attackers would be isolat...
USN-1011-3: Xulrunner vulnerability
USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Xulrunner. Original advisory details: Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of...
USN-1010-1: OpenJDK vulnerabilities
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a machine-in-the-middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. USN-923-1 disabled SSL/TLS renegotiation...
USN-1011-2: Thunderbird vulnerability
USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Thunderbird. Original advisory details: Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of...
USN-1011-1: Firefox vulnerability
Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program...
USN-959-2: PAM vulnerability
USN-959-1 fixed vulnerabilities in PAM. This update provides the corresponding updates for Ubuntu 10.10. Original advisory details: Denis Excoffier discovered that the PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps. A local attacker could exploi...
USN-1008-3: libvirt update
USN-1008-1 fixed vulnerabilities in libvirt. The update for Ubuntu 10.04 LTS reverted a recent bug fix update. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that libvirt would probe disk backing stores without consulting the define...
USN-1009-1: GNU C Library vulnerabilities
Tavis Ormandy discovered multiple flaws in the GNU C Library's handling of the LDAUDIT environment variable when running a privileged binary. A local attacker could exploit this to gain root privileges. CVE-2010-3847, CVE-2010-3856...
USN-1008-2: Virtinst update
Libvirt in Ubuntu 10.04 LTS now no longer probes qemu disks for the image format and defaults to 'raw' when the format is not specified in the XML. This change in behavior breaks virt-install --import because virtinst in Ubuntu 10.04 LTS did not allow for specifying a disk format and does not...
USN-1008-1: libvirt vulnerabilities
It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor...
USN-998-1: Thunderbird vulnerabilities
Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the...
USN-997-1: Firefox and Xulrunner vulnerabilities
Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the...
USN-1007-1: NSS vulnerabilities
Richard Moore discovered that NSS would sometimes incorrectly match an SSL certificate which had a Common Name that used a wildcard followed by a partial IP address. While it is very unlikely that a Certificate Authority would issue such a certificate, if an attacker were able to perform a...
USN-1000-1: Linux kernel vulnerabilities
Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. A local attacker could exploit this gain root privileges. CVE-2010-3904 Al Viro discovered a race condition in the TTY driver. A local attacker could exploit this to crash the system, leading to a...
USN-1006-1: WebKit vulnerabilities
A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-1005-1: poppler vulnerabilities
It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the progra...
USN-1004-1: Django vulnerability
It was discovered that Django did not properly sanitize the cookie value when applying CSRF protections resulting in a cross-site scripting XSS vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote...
USN-1002-2: PostgreSQL vulnerability
USN-1002-1 fixed vulnerabilities in PostgreSQL. This update provides the corresponding update for Ubuntu 10.10. Original advisory details: It was discovered that PostgreSQL did not properly enforce permissions within sessions when PL/Perl and PL/Tcl functions or operators were redefined. A remote...
USN-1003-1: OpenSSL vulnerabilities
It was discovered that OpenSSL incorrectly handled return codes from the bnwexpand function calls. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 6.06...
USN-1002-1: PostgreSQL vulnerability
It was discovered that PostgreSQL did not properly enforce permissions within sessions when PL/Perl and PL/Tcl functions or operators were redefined. A remote authenticated attacker could exploit this to execute arbitrary code with permissions of a different user, possibly leading to privilege...
USN-1001-1: LVM2 vulnerability
The cluster logical volume manager daemon clvmd in LVM2 did not correctly validate credentials. A local user could use this flaw to manipulate logical volumes without root privileges and cause a denial of service in the cluster...
USN-999-1: Kerberos vulnerability
Mike Roszkowski discovered that the Kerberos KDC did not correctly validate the contents of certain messages. If an authenticated remote attacker sent specially crafted TGS requests, the KDC service would crash, leading to a denial of service...
USN-996-1: Mako vulnerability
It was discovered that Mako incorrectly filtered single-quote characters when performing html filtering. An attacker could utilize this to perform cross-site scripting attacks...
USN-995-1: libMikMod vulnerabilities
It was discovered that libMikMod incorrectly handled songs with different channel counts. If a user were tricked into opening a crafted song file, an attacker could cause a denial of service. CVE-2007-6720 It was discovered that libMikMod incorrectly handled certain malformed XM files. If a user...
USN-994-1: libHX vulnerability
It was discovered that libHX incorrectly handled certain parameters to the HXsplit function. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code with the privileges of the user. The default compiler options for affected releases should reduce the...
USN-993-1: libgdiplus vulnerability
Stefan Cornelius discovered that libgdiplus incorrectly handled certain image files. If a user or automated system were tricked into opening a crafted image file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program...
USN-992-1: Avahi vulnerabilities
It was discovered that Avahi incorrectly handled certain mDNS query packets when the reflector feature is enabled, which is not the default configuration on Ubuntu. A remote attacker could send crafted mDNS queries and perform a denial of service on the server and on the network. This issue only...
USN-991-1: quassel vulnerability
Jima discovered that quassel would respond to a single privmsg containing multiple CTCP requests with multiple NOTICEs, possibly resulting in a denial of service against the IRC connection...
USN-990-2: Apache vulnerability
USN-860-1 introduced a partial workaround to Apache that disabled client initiated TLS renegotiation in order to mitigate CVE-2009-3555. USN-990-1 introduced the new RFC5746 renegotiation extension in openssl, and completely resolves the issue. After updating openssl, an Apache server will allow...
USN-990-1: OpenSSL vulnerability
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a machine-in-the-middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for...
USN-989-1: PHP vulnerabilities
Auke van Slooten discovered that PHP incorrectly handled certain xmlrpc requests. An attacker could exploit this issue to cause the PHP server to crash, resulting in a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. CVE-2010-0397 It was discovered that the...
USN-986-3: dpkg vulnerability
USN-986-1 fixed vulnerabilities in bzip2. dpkg statically links against libbz2 and needed to be rebuilt to use the updated libbz2. Original advisory details: An integer overflow was discovered in bzip2. If a user or automated system were tricked into decompressing a crafted bz2 file, an attacker...
USN-986-2: ClamAV vulnerability
USN-986-1 fixed a vulnerability in bzip2. This update provides the corresponding update for ClamAV. Original advisory details: An integer overflow was discovered in bzip2. If a user or automated system were tricked into decompressing a crafted bz2 file, an attacker could cause bzip2 or any...
USN-986-1: bzip2 vulnerability
An integer overflow was discovered in bzip2. If a user or automated system were tricked into decompressing a crafted bz2 file, an attacker could cause bzip2 or any application linked against libbz2 to crash or possibly execute code as the user running the program...
USN-988-1: Linux kernel vulnerabilities
Ben Hawkes discovered that the Linux kernel did not correctly validate memory ranges on 64bit kernels when allocating memory on behalf of 32bit system calls. On a 64bit system, a local attacker could perform malicious multicast getsockopt calls to gain root privileges. CVE-2010-3081 Ben Hawkes...
USN-978-2: Thunderbird regression
USN-978-1 fixed vulnerabilities in Thunderbird. Some users reported stability problems under certain circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Several dangling pointer vulnerabilities were discovered in Thunderbird. An attacker...
USN-975-2: Firefox and Xulrunner regression
USN-975-1 fixed vulnerabilities in Firefox and Xulrunner. Some users reported stability problems under certain circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Several dangling pointer vulnerabilities were discovered in Firefox. An...
USN-987-1: Samba vulnerability
Andrew Bartlett discovered that Samba did not correctly validate the length when parsing SIDs. A remote attacker could send a specially crafted request to the server and cause a denial of service, or possibly execute arbitrary code with the privileges of the Samba service smbd. The default compil...
USN-975-1: Firefox and Xulrunner vulnerabilities
Several dangling pointer vulnerabilities were discovered in Firefox. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. CVE-2010-2760, CVE-2010-2767, CVE-2010-3167 Blake Kaplan and Michal Zalewski discovered several weaknesses in t...
USN-978-1: Thunderbird vulnerabilities
Several dangling pointer vulnerabilities were discovered in Thunderbird. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. CVE-2010-2760, CVE-2010-2767, CVE-2010-3167 It was discovered that the XPCSafeJSObjectWrapper SJOW security...
USN-985-1: mountall vulnerability
Alasdair MacGregor discovered that mountall created a udev rule file with world-writable permissions. A local attacker could exploit this under certain conditions to cause udev to execute arbitrary commands as the root user...
USN-984-1: LFTP vulnerability
It was discovered that LFTP incorrectly filtered filenames suggested by Content-Disposition headers. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name, such as a dotfile, and possibly run...
USN-983-1: Sudo vulnerability
Markus Wuethrich discovered that sudo did not always verify the user when a group was specified in the RunasSpec. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program as a group when the attacker was not a part of that...
USN-982-1: Wget vulnerability
It was discovered that Wget would use filenames provided by the server when following 3xx redirects. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name e.g. .wgetrc, and possibly run arbitrary co...
USN-981-1: libwww-perl vulnerability
It was discovered that libwww-perl incorrectly filtered filenames suggested by Content-Disposition headers. If a user were tricked into downloading a file from a malicious site, a remote attacker could overwrite hidden files in the user's directory...
USN-980-1: bogofilter vulnerability
Julius Plenz discovered that bogofilter incorrectly handled certain malformed encodings. By sending a specially crafted email, a remote attacker could exploit this and cause bogofilter to crash, resulting in a denial of service...