10876 matches found
USN-7409-1: RubySAML vulnerabilities
It was discovered that ruby-saml did not correctly handle XML parsing. An attacker could possibly use this issue to perform a signature wrapping attack and bypass authentication. CVE-2025-25291 and CVE-2025-25292 It was discovered that ruby-saml did not correctly handle decompressing SAML...
USN-7408-2: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SMB network file system; - Network namespace; - Networking core; CVE-2024-56658, CVE-2024-35864, CVE-2024-26928...
USN-7408-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SMB network file system; - Network namespace; - Networking core; CVE-2024-56658, CVE-2024-35864, CVE-2024-26928...
USN-7406-3: Linux kernel (Real-time) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - SMB network file system; - Network namespace; - Networking core; CVE-2024-26928, CVE-2024-56658,...
USN-7406-2: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - SMB network file system; - Network namespace; - Networking core; CVE-2024-26928, CVE-2024-56658,...
USN-7406-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - SMB network file system; - Network namespace; - Networking core; CVE-2024-26928, CVE-2024-56658,...
USN-7407-1: Linux kernel (HWE) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Supe...
USN-7405-1: InspIRCd vulnerabilities
It was discovered that InspIRCd did not correctly handle certificate fingerprints, which could lead to spoofing. A remote attacker could possibly use this issue to bypass authentication. This issue only affected Ubuntu 16.04 LTS. CVE-2016-7142 It was discovered that InspIRCd did not correctly...
USN-7404-1: phpseclib vulnerabilities
It was discovered that phpseclib did not correctly handle RSA PKCS1 v1.5 signature verification. An attacker could possibly use this issue to bypass authentication. This issue only affected Ubuntu 20.04 LTS. CVE-2021-30130 It was discovered that phpseclib did not correctly handle certain characte...
USN-7403-1: Linux kernel (HWE) vulnerabilities
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. CVE-2024-8805 Attila Szász discovered that the HFS+ file system...
USN-7402-2: Linux kernel (Real-time) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; - GPU drivers; - HID subsystem; - Media drivers; - JFS file system; - Network namespace; -...
USN-7402-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; - GPU drivers; - HID subsystem; - Media drivers; - JFS file system; - Network namespace; -...
USN-7401-1: Linux kernel (AWS) vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 Attila Szász discovered that the HFS+ file system...
USN-7392-4: Linux kernel (AWS FIPS) vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 Attila Szász discovered that the HFS+ file system...
USN-7392-3: Linux kernel (AWS) vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 Attila Szász discovered that the HFS+ file system...
USN-7384-2: Linux kernel (Azure) vulnerabilities
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. CVE-2024-8805 Attila Szász discovered that the HFS+ file system...
USN-7261-2: Vim vulnerability
USN-7261-1 fixed vulnerabilities in Vim. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that Vim incorrectly handled certain internal calls when scrolling a window. An attacker could possibly use this issue to cause a denial of...
USN-7379-2: Linux kernel (Raspberry Pi) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86...
USN-7285-2: nginx vulnerability
USN-7285-1 fixed vulnerabilities in nginx. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that nginx incorrectly handled when multiple server blocks are configured to share the same IP address and port. An attacker could use this...
USN-7400-1: PHP vulnerabilities
It was discovered that PHP incorrectly handle certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. CVE-2024-11235 It was discovered that PHP incorrectly handle certain folded headers. An attacker could possibly use this issue to cause a crash or...
USN-7399-1: RabbitMQ Server vulnerability
It was discovered that RabbitMQ Server's management UI did not sanitize certain input. An attacker could possibly use this issue to inject code by performing a cross-site scripting XSS attack...
USN-7398-1: libtar vulnerabilities
It was discovered that libtar may perform out-of-bounds reads when processing specially crafted tar files. An attacker could possibly use this issue to cause libtar to crash, resulting in a denial of service, or execute arbitrary code. CVE-2021-33643, CVE-2021-33644 It was discovered that libtar...
USN-7397-1: AOM vulnerability
Xiantong Hou discovered that AOM did not properly handle certain malformed media files. If an application using AOM opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...
USN-7396-1: OVN vulnerability
Marius Berntsberg, Trygve Vea, Tore Anderson, Rodolfo Alonso, Jay Faulkner, and Brian Haley discovered that OVN incorrectly handled certain crafted UDP packets. A remote attacker could possibly use this issue to bypass egress ACL rules...
USN-7395-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...
USN-7376-2: MariaDB vulnerability
USN-7376-1 fixed vulnerabilities in MariaDB. This update provides the corresponding updates for Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. Original advisory details: A security issue was discovered in MariaDB and this update includes a new upstream MariaDB version to fix the issue. In addition to...
USN-7394-1: Doorkeeper vulnerabilities
Jonathan Clem and Justin Bull discovered that Doorkeeper could allow arbitrary token revocation and replay attacks. An attacker could possibly use this issue to gain unauthorized access to a system. CVE-2016-6582 It was discovered that Doorkeeper incorrectly handled storing client names. An...
USN-7392-2: Linux kernel vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 Attila Szász discovered that the HFS+ file system...
USN-7393-1: Linux kernel (FIPS) vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 Attila Szász discovered that the HFS+ file system...
USN-7346-2: OpenSC regression
USN-7346-1 fixed vulnerabilities in OpenSC. The update introduced a regression in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. The security fix has been removed pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that OpenSC...
USN-7392-1: Linux kernel vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 Attila Szász discovered that the HFS+ file system...
USN-7391-1: Linux kernel vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 Several security issues were discovered in the Linux kerne...
USN-7330-2: Ansible regression
USN-7330-1 fixed vulnerabilities in Ansible. The update introduced a regression when attempting to install Ansible on Ubuntu 16.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Ansible did not properly verify certain fiel...
USN-7387-2: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Supe...
USN-7387-3: Linux kernel (Real-time) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Supe...
USN-7390-1: Linux kernel (Xilinx ZynqMP) vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service system crash or possibly execute arbitrary code...
USN-7389-1: Linux kernel (NVIDIA Tegra) vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service system crash or possibly execute arbitrary code...
USN-7388-1: Linux kernel vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service system crash or possibly execute arbitrary code...
USN-7387-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Supe...
USN-7383-2: Linux kernel (Real-time) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Block layer subsystem; - Drivers core; - Ublk userspace block driver; -...
USN-7386-1: Linux kernel (OEM) vulnerabilities
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. CVE-2024-8805 Attila Szász discovered that the HFS+ file system...
USN-7385-1: Linux kernel (IBM) vulnerabilities
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. CVE-2024-8805 Attila Szász discovered that the HFS+ file system...
USN-7384-1: Linux kernel (Azure) vulnerabilities
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. CVE-2024-8805 Attila Szász discovered that the HFS+ file system...
USN-7377-1: Smarty vulnerability
It was discovered that Smarty did not properly sanitize template file names. An attacker could possibly use this issue to cause Smarty to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-7383-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Block layer subsystem; - Drivers core; - Ublk userspace block driver; -...
USN-7382-1: Linux kernel (OEM) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86...
USN-7381-1: Linux kernel (Low Latency) vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service system crash or possibly execute arbitrary code...
USN-7380-1: Linux kernel (Low Latency) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86...
USN-7379-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86...
USN-7368-1: SnakeYAML vulnerability
It was discovered that SnakeYAML incorrectly handled recursive entity references. An attacker could possibly use this issue to cause SnakeYAML to crash, resulting in a denial of service...