10799 matches found
USN-7638-1: Libmobi vulnerabilities
It was discovered that Libmobi did not correctly handle certain memory operations, which could lead to a buffer overflow. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-1907, CVE-2022-1908 It was discovered that Libmobi could dereference a NULL...
USN-7641-1: Bind vulnerability
It was discovered that Bind incorrectly handled configurations where the stale-answer-client-timeout option is set to 0. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service...
USN-7640-1: Linux kernel (IoT) vulnerabilities
It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. CVE-2025-2312 Several security issues were discovered in the Linux kernel. An...
USN-7639-1: Apache HTTP Server vulnerabilities
It was discovered that the Apache HTTP Server incorrectly handled certain Content-Type response headers. A remote attacker could possibly use this issue to perform HTTP response splitting attacks. CVE-2024-42516 xiaojunjie discovered that the Apache HTTP Server modproxy module incorrectly handled...
USN-7585-7: Linux kernel (Raspberry Pi) vulnerabilities
It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. CVE-2025-2312 Several security issues were discovered in the Linux kernel. An...
USN-7610-3: Linux kernel (Low Latency) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Netfilter; - Network traffic control; CVE-2025-38001, CVE-2025-37997, CVE-2025-37798, CVE-2025-38000, CVE-2025-3793...
USN-7637-1: libjxl vulnerabilities
It was discovered that libjxl did not perform proper bounds checking when parsing Exif tags. An attacker could possibly use this issue to cause libjxl to crash, resulting in a denial of service. CVE-2023-0645 It was discovered that libjxl did not perform proper bounds checking when decoding...
USN-7636-1: Roundcube Webmail vulnerability
It was discovered that Roundcube Webmail incorrectly handled sanitization in the messagebody function. A remote attacker could possibly use this issue to send and receive emails as another user...
USN-7545-3: Apport regression
USN-7545-1 fixed vulnerabilities in Apport. The update introduced a regression that raised an error if a crashing process was killed while Apport was analyzing it. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Qualys discovered that Apport incorrect...
USN-7635-1: GnuTLS vulnerabilities
It was discovered that GnuTLS incorrectly handled exporting Subject Alternative Name SAN entries containing an otherName. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-32988 It was discovered that...
USN-7634-1: GNU C Library vulnerabilities
It was discovered that the GNU C Library incorrectly handled the strcmp implementation optimized for Power10 processors. This could cause applications to crash, compute wrong results, or leak confidential information. CVE-2025-5702 It was discovered that the GNU C Library incorrectly handled the...
USN-7633-1: Nix vulnerabilities
Linus Heckemann discovered that Nix did not correctly handle certain binaries. An attacker could possibly use this issue to execute arbitrary code. CVE-2024-38531 Pierre-Etienne Meunier discovered that Nix did not correctly handle TLS certificates. A remote attacker could possibly use this issue ...
USN-7608-6: Linux kernel (Xilinx ZynqMP) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - SMB network file system; - Memory management; - Netfilter; - Network traffic control; CVE-2025-37890...
USN-7626-3: Git regression
USN-7626-1 fixed vulnerabilities in Git. The updates for CVE-2025-27613 and CVE-2025-46835 caused Gitk and Git GUI to not work properly on Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and were disabled in USN-7626-2. The problematic updates for the aforementioned CV...
USN-7630-1: RESTEasy vulnerabilities
It was discovered that RESTEasy made insufficient use of random values in asynchronous jobs. An attacker could possibly use this issue to steal user data. This issue only affected Ubuntu 14.04 LTS. CVE-2016-6345 It was discovered that RESTEasy enabled a vulnerable GZIP decompression module by...
LSN-0113-1: Kernel Live Patch Security Notice
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. In the Linux kernel, the following vulnerability has been resolved: ubifs: authenticatio...
USN-7626-2: Git regression
USN-7626-1 fixed vulnerabilities in Git. The update introduced a regression in gitk and git-gui. This update reverts the corresponding fixes for CVE-2025-27613 and CVE-2025-46835 pending further investigation. We apologize for the inconvenience. Original advisory details: Avi Halachmi discovered...
USN-7632-1: YAML-LibYAML vulnerability
It was discovered that YAML-LibYAML incorrectly handled certain file names. An attacker could possibly use this issue to overwrite arbitrary files...
USN-7631-1: DjVuLibre vulnerability
It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to stop responding or crash, resulting in a denial of service, or possibly execute...
USN-7629-1: Protocol Buffers vulnerabilities
It was discovered that Protocol Buffers incorrectly handled memory when receiving malicious input using the Python bindings. An attacker could possibly use this issue to cause a denial of service. CVE-2025-4565 It was discovered that Protocol Buffers incorrectly handled memory when receiving...
USN-7609-4: Linux kernel (Azure) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - InfiniBand drivers; - Netfilter; - Network traffic control; CVE-2025-38001, CVE-2025-37798, CVE-2025-37932,...
USN-7611-2: Linux kernel (Azure) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Netfilter; - Network traffic control; CVE-2025-38000, CVE-2025-37890, CVE-2025-38001, CVE-2025-37997, CVE-2025-3793...
USN-7607-3: Linux kernel (KVM) vulnerabilities
It was discovered that a use-after-free vulnerability existed in the Bluetooth stack in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-3640 Several security issues were discovered in the Linux kernel. An...
USN-7628-1: Linux kernel (Azure) vulnerabilities
It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. CVE-2025-2312 Several security issues were discovered in the Linux kernel. An...
USN-7610-2: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Netfilter; - Network traffic control; CVE-2025-38001, CVE-2025-37997, CVE-2025-37798, CVE-2025-38000, CVE-2025-3793...
USN-7608-5: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - SMB network file system; - Memory management; - Netfilter; - Network traffic control; CVE-2025-37890...
USN-7627-2: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - Block layer subsystem; - ACPI drivers; - NILFS2 file system; - File systems infrastructure;...
USN-7627-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - Block layer subsystem; - ACPI drivers; - NILFS2 file system; - File systems infrastructure;...
USN-7412-2: GnuPG regression
USN-7412-1 fixed vulnerabilities in GnuPG. The update introduced a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that GnuPG incorrectly handled importing keys with certain crafted subkey data. If a user or automated...
USN-7626-1: Git vulnerabilities
Avi Halachmi discovered that Git incorrectly managed file modification constraints with Gitk. An attacker could possibly use this issue to create or write to arbitrary files on the system. CVE-2025-27613 Avi Halachmi discovered that Git incorrectly handled arguments when invoking the Gitk utility...
USN-7594-3: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - PowerPC architecture; - RISC-V architecture; - User-Mode Linux UML; - x...
USN-7625-1: OnionShare vulnerabilities
It was discovered that OnionShare could be exploited when run with the --debug argument. A local attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2018-19960 It was discovered that OnionShare could be blocke...
USN-7624-1: FreeRDP vulnerability
It was discovered that FreeRDP incorrectly handled certain RDP packets. A remote attacker could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service...
USN-7010-2: DCMTK regression
USN-7010-1 fixed vulnerabilities in DCMTK. The update introduced a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jinsheng Ba discovered that DCMTK incorrectly handled certain requests. If a user or an automated system were tricked into...
USN-7623-1: Ghostscript vulnerabilities
It was discovered that OpenJPEG, vendored in Ghostscript did not correctly handle large image files. If a user or system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu...
USN-7622-1: jQuery vulnerabilities
It was discovered that jQuery did not correctly handle HTML tags. An attacker could possibly use this issue to execute a cross-site scripting XSS attack. This issue only affected Ubuntu 14.04 LTS. CVE-2012-6708 It was discovered that jQuery did not correctly handle unsanitized source objects due ...
USN-7620-1: File::Find::Rule vulnerability
Kevin Ryde discovered that File::Find::Rule incorrectly handled certain file names. An attacker could possibly use this issue to execute arbitrary code...
USN-7619-1: libssh vulnerabilities
Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-4877 Ronald Crane discovered that libssh incorrectly handled the...
USN-7615-2: ClamAV vulnerabilities
USN-7615-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that ClamAV incorrectly handled scanning UDF files. A remote attacker could possibly use this issue to cause ClamAV to crash,...
USN-7609-3: Linux kernel (IBM) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - InfiniBand drivers; - Netfilter; - Network traffic control; CVE-2025-38001, CVE-2025-37798, CVE-2025-37932,...
USN-7591-5: Linux kernel (Intel IoTG) vulnerabilities
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. CVE-2024-8805 It was discovered that the CIFS network file system...
USN-7618-1: Linux kernel (OEM) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Bluetooth drivers; - Netfilter; - Network traffic control; CVE-2025-37890, CVE-2025-37918, CVE-2025-37932,...
USN-7605-2: Linux kernel (Low Latency) vulnerabilities
It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. CVE-2025-2312 Several security issues were discovered in the Linux kernel. An...
USN-7608-4: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - SMB network file system; - Memory management; - Netfilter; - Network traffic control; CVE-2025-37890...
USN-7617-1: libtpms vulnerability
It was discovered that libtpms did not properly manage memory when performing crafted cryptographic operations. An attacker could possibly use this issue to cause a denial of service...
USN-7585-6: Linux kernel (BlueField) vulnerabilities
It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. CVE-2025-2312 Several security issues were discovered in the Linux kernel. An...
USN-7616-1: logback vulnerabilities
It was discovered that logback could read malicious configuration files from LDAP servers. An attacker with the required permissions could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. CVE-2021-42550 It was...
USN-7615-1: ClamAV vulnerabilities
It was discovered that ClamAV incorrectly handled scanning UDF files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. CVE-2025-20234 It was discovered that ClamAV incorrectly handled scanning PDF files. A remote attacker could use this...
USN-7614-1: pcs vulnerabilities
Cedric Buissart discovered that pcs did not correctly handle certain parameters. An attacker could possibly use this issue to leak sensitive information or elevate their privileges. This issue only affected Ubuntu 16.04 LTS. CVE-2018-1086 Ondrej Mular discovered that pcs did not correctly handle...
USN-7613-1: mongo-c-driver vulnerabilities
Karman Liu discovered that mongo-c-driver did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2024-6381 Karman Liu discovered that mongo-c-driver did not correctly handle certain memory operation...