10875 matches found
USN-7566-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...
USN-7565-1: libsoup vulnerabilities
It was discovered that libsoup did not correctly handle memory while performing UTF-8 conversions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. CVE-2024-52531 It was discovered that libsoup could enter...
USN-7563-1: .NET vulnerability
It was discovered that .NET did not properly validate search path in Microsoft.NETCore.App.Runtime. An attacker could possibly use this issue to execute arbitrary code...
USN-7564-1: Samba vulnerability
It was discovered that Samba incorrectly handled certain group membership changes when using Kerberos authentication. A remote user could possibly use this issue to continue to access resources after being removed by an administrator...
USN-7553-6: Linux kernel (Azure FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Clock framework and drivers; - GPU drivers; - Parport drivers; - Ext4 file system; - JFFS2 file system; - JFS file...
USN-7553-5: Linux kernel (Azure) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Clock framework and drivers; - GPU drivers; - Parport drivers; - Ext4 file system; - JFFS2 file system; - JFS file...
USN-7553-4: Linux kernel (Azure) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Clock framework and drivers; - GPU drivers; - Parport drivers; - Ext4 file system; - JFFS2 file system; - JFS file...
USN-7550-6: Linux kernel (Raspberry Pi) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Sun RPC protocol; CVE-2024-56608, CVE-2024-53168, CVE-2024-56551...
USN-7562-1: Tomcat vulnerabilities
It was discovered that Tomcat did not include the secure attribute for session cookies when using the RemoteIpFilter with requests from a reverse proxy. An attacker could possibly use this issue to leak sensitive information. This issue was fixed for tomcat8 on Ubuntu 18.04 LTS and for tomcat9 on...
USN-7561-1: AMD Microcode vulnerabilities
It was discovered that AMD Microcode incorrectly handled memory addresses. An attacker with local administrator privilege could possibly use this issue to cause loss of integrity of a confidential guest running under AMD SEV-SNP. CVE-2023-20584, CVE-2023-31356 Josh Eads, Kristoffer Janke, Eduardo...
USN-7560-1: AMD Microcode vulnerability
Josh Eads, Kristoffer Janke, Eduardo Nava, Tavis Ormandy and Matteo Rizzo discovered that AMD Microcode incorrectly verified signatures. An attacker with local administrator privilege could possibly use this issue to cause loss of confidentiality and integrity of a confidential guest running unde...
USN-7559-1: systemd vulnerability
Qualys discovered that systemd incorrectly handled metadata when processing application crashes. An attacker could possibly use this issue to expose sensitive information...
USN-7545-2: Apport regression
USN-7545-1 fixed a vulnerability in Apport. The update introduced a regression that prevented core dumps from being generated inside containers. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Qualys discovered that Apport incorrectly handled metadata...
USN-7553-3: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Clock framework and drivers; - GPU drivers; - Parport drivers; - Ext4 file system; - JFFS2 file system; - JFS file...
USN-7558-1: GStreamer Bad Plugins vulnerabilities
It was discovered that the AV1 codec plugin in GStreamer could be made to write out of bounds. An attacker could possibly use this issue to cause applications using the plugin to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS...
USN-7550-5: Linux kernel (NVIDIA) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Sun RPC protocol; CVE-2024-56608, CVE-2024-56551, CVE-2024-53168...
USN-7556-1: Bootstrap vulnerabilities
It was discovered that Bootstrap did not correctly sanitize certain input in the carousel component. An attacker could possibly use this issue to execute a cross-site scripting XSS attack. CVE-2024-6484, CVE-2024-6531 It was discovered that Bootstrap did not correctly sanitize certain input in th...
USN-7555-1: Django vulnerability
It was discovered that Django incorrectly handled certain unescaped request paths. An attacker could possibly use this issue to perform a log injection...
USN-7554-3: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; - Clock framework and drivers; - GPU drivers; - Parport drivers; - Ext4 file system; - JFFS2...
USN-7554-2: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; - Clock framework and drivers; - GPU drivers; - Parport drivers; - Ext4 file system; - JFFS2...
USN-7554-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; - Clock framework and drivers; - GPU drivers; - Parport drivers; - Ext4 file system; - JFFS2...
USN-7553-2: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Clock framework and drivers; - GPU drivers; - Parport drivers; - Ext4 file system; - JFFS2 file system; - JFS file...
USN-7553-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Clock framework and drivers; - GPU drivers; - Parport drivers; - Ext4 file system; - JFFS2 file system; - JFS file...
USN-7550-4: Linux kernel (Azure CVM) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Sun RPC protocol; CVE-2024-53168, CVE-2024-56551, CVE-2024-56608...
USN-7552-1: Wireshark vulnerabilities
It was discovered that Wireshark did not correctly handle recursion. If a user or system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and...
USN-7551-1: libvpx vulnerability
It was discovered that libvpx did not properly manage memory. An attacker could possibly use this issue to cause applications using libvpx to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-7550-3: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Sun RPC protocol; CVE-2024-53168, CVE-2024-56551, CVE-2024-56608...
USN-7550-2: Linux kernel (Real-time) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Sun RPC protocol; CVE-2024-56608, CVE-2024-56551, CVE-2024-53168...
USN-7550-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Sun RPC protocol; CVE-2024-56608, CVE-2024-56551, CVE-2024-53168...
USN-7508-2: Open VM Tools vulnerability
USN-7508-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS Original advisory details: It was discovered that Open VM Tools incorrectly handled certain file operations. An attacker in a guest could use this issue to...
USN-7549-1: Twig vulnerability
It was discovered that Twig did not correctly handle securing user input. An attacker could possibly use this issue to cause Twig to expose sensitive information if it opened a specially crafted file. CVE-2024-45411...
USN-7548-1: MariaDB vulnerabilities
Several security issues were discovered in MariaDB and this update includes a new upstream MariaDB version to fix these issues. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes...
USN-7547-1: Tornado vulnerability
It was discovered that Tornado inefficiently handled requests when parsing certain form data. An attacker could possibly use this issue to increase resource utilization leading to a denial of service. This issue was only addressed in Ubuntu 24.04 LTS and Ubuntu 22.04 LTS. CVE-2025-47287...
USN-7516-9: Linux kernel (AWS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - Block layer subsystem; - Drivers core; - Network block device driver;...
USN-7510-8: Linux kernel (AWS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Network block device...
USN-7545-1: Apport vulnerability
Qualys discovered that Apport incorrectly handled metadata when processing application crashes. An attacker could possibly use this issue to leak sensitive information...
USN-7530-1: ADOdb vulnerability
It was discovered that ADOdb incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrary SQL commands...
USN-7516-8: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - Block layer subsystem; - Drivers core; - Network block device driver;...
USN-7516-7: Linux kernel (AWS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - Block layer subsystem; - Drivers core; - Network block device driver;...
USN-7513-5: Linux kernel (Oracle) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - ACPI drivers;...
LSN-0112-1: Kernel Live Patch Security Notice
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix use-after-free due to delegation race A delegation break could arrive as soon as we've called vfssetlease. A delegation break runs a callback which immediately in nfsd4cbrecallprepare adds the delegation to delrecalllru...
USN-7537-2: net-tools regression
USN-7537-1 fixed a vulnerability in net-tools that caused a regression. This update fixes the problem. Original advisory details: It was discovered that net-tools incorrectly handled certain inputs. An attacker could possible use this issue to cause a crash or execute arbitrary code...
USN-7544-1: Setuptools vulnerability
It was discovered that setuptools did not properly sanitize paths. An attacker could possibly use this issue to write files to arbitrary locations on the filesystem...
USN-7542-1: Kerberos vulnerability
It was discovered that Kerberos allowed the usage of weak cryptographic standards. An attacker could possibly use this issue to expose sensitive information. This update introduces the allowrc4 and allowdes3 configuration options, and disables the usage of RC4 and 3DES ciphers by default. Users a...
USN-7543-1: libsoup vulnerabilities
Jan Różański discovered that libsoup incorrectly handled certain headers when sending HTTP/2 requests over TLS. An attacker could possibly use this issue to cause a denial of service. This issue only affected libsoup3 in Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. CVE-2025-32908 Jan Różańsk...
USN-7541-1: GNU C Library vulnerability
It was discovered that the GNU C Library incorrectly search LDLIBRARYPATH to determine which library to load when statically linked setuid binary calls dlopen. A local attacker could possibly use this issue to cause a denial of service or execute arbitrary code...
USN-7540-1: Linux kernel (Raspberry Pi) vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 Attila Szász discovered that the HFS+ file system...
USN-7539-1: Linux kernel (Raspberry Pi) vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 Attila Szász discovered that the HFS+ file system...
USN-7510-7: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Network block device...
USN-7513-4: Linux kernel (HWE) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - ACPI drivers;...