10876 matches found
USN-7157-2: PHP regression
USN-7157-1 fixed vulnerabilities in PHP. The patch for CVE-2024-8932 caused a regression in php7.4. This update fixes the problem. Original advisory details: It was discovered that PHP incorrectly handled certain inputs when processed with convert.quoted-printable decode filters. An attacker coul...
USN-7157-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain inputs when processed with convert.quoted-printable decode filters. An attacker could possibly use this issue to expose sensitive information or cause a crash. CVE-2024-11233 It was discovered that PHP incorrectly handled certain HTTP request...
USN-7158-1: Smarty vulnerabilities
It was discovered that Smarty incorrectly handled query parameters in requests. An attacker could possibly use this issue to inject arbitrary Javascript code, resulting in denial of service or potential execution of arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubun...
USN-7159-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - S390 architecture; - x86 architecture; - Power management core; - GPU...
USN-7156-1: Linux kernel (GKE) vulnerabilities
Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. CVE-2024-25741 Several security issues were discovered in the Linux kernel. An...
USN-7155-1: Linux kernel (NVIDIA) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; -...
USN-7154-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; -...
USN-7153-1: PHP vulnerability
It was discovered that PHP incorrectly handled long string inputs in two database drivers. An attacker could possibly use this issue to write files in locations they would not normally have access to. CVE-2024-11236...
USN-7108-2: AsyncSSH vulnerabilities
USN-7108-1 fixed vulnerabilities in AysncSSH. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept...
USN-7151-1: oFono vulnerabilities
It was discovered that oFono incorrectly handled decoding SMS messages leading to a stack overflow. A remote attacker could potentially use this issue to cause a denial of service. CVE-2023-4232, CVE-2023-4235...
USN-7150-1: Tornado vulnerabilities
It was discovered that Tornado incorrectly handled a certain redirect. A remote attacker could possibly use this issue to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL. This issue was only addressed in Ubuntu 22.04 LTS,...
USN-7149-1: Intel Microcode vulnerabilities
Avraham Shalev and Nagaraju N Kodalapura discovered that some IntelR XeonR processors did not properly restrict access to the memory controller when using IntelR SGX. This may allow a local privileged attacker to further escalate their privileges. CVE-2024-21820, CVE-2024-23918 It was discovered...
USN-7148-1: Linux kernel vulnerabilities
Lyu Tao discovered that the NFS implementation in the Linux kernel did not properly handle requests to open a directory on a regular file. A local attacker could use this to expose sensitive information kernel memory. Several security issues were discovered in the Linux kernel. An attacker could...
USN-7147-1: Apache Shiro vulnerabilities
It was discovered that Apache Shiro incorrectly handled path traversal when used with other web frameworks or path rewriting. An attacker could possibly use this issue to obtain sensitive information or administrative privileges. This update provides the corresponding fix for Ubuntu 24.04 LTS and...
USN-7146-1: Dogtag PKI vulnerabilities
Christina Fu discovered that Dogtag PKI accidentally enabled a mock authentication plugin by default. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates. This issue only affected Ubuntu 16.04 LTS. CVE-2017-753...
USN-7145-1: Expat vulnerability
It was discovered that Expat did not properly handle its internal state when attempting to resume an unstarted parser. An attacker could use this issue to cause a denial of service application crash...
USN-7141-1: oFono vulnerabilities
It was discovered that oFono incorrectly handled decoding SMS messages leading to a stack overflow. A remote attacker could potentially use this issue to cause a denial of service. CVE-2023-2794, CVE-2023-4233, CVE-2023-4234...
USN-7144-1: Linux kernel (Intel IoTG) vulnerabilities
Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a deni...
USN-7143-1: RabbitMQ Server vulnerabilities
Christian Rellmann discovered that RabbitMQ Server did not properly sanitize user input when adding a new user via the management UI. An attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. CVE-2021-32718 Fahimhusain Raydurg discovered that...
USN-7142-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...
USN-7140-1: Tinyproxy vulnerability
It was discovered that Tinyproxy did not properly manage memory under certain circumstances. An attacker could possibly use this issue to leak left-over heap data if custom error page templates containing special non-standard variables are used...
USN-7117-3: needrestart regression
USN-7117-1 fixed vulnerabilities in needrestart. The update introduced a regression in needrestart. This update fixes the problem for LXC containers. We apologize for the inconvenience. Original advisory details: Qualys discovered that needrestart passed unsanitized data to a library...
USN-7139-1: Apache Shiro vulnerability
It was discovered that Apache Shiro used a static cipher within the "Remember Me" feature inside authentication by default. An attacker could possibly use this issue to achieve remote code execution or obtain sensitive information...
USN-7138-1: Ghostscript vulnerabilities
It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-7137-1: recutils vulnerabilities
It was discovered that recutils incorrectly handled memory when parsing comments with the recparser utility. An attacker could possibly use this issue to cause a denial of service or run arbitrary commands. CVE-2021-46019, CVE-2021-46021, CVE-2021-46022 It was discovered that recutils incorrectly...
USN-7136-2: Django vulnerability
USN-7136-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: jiangniao discovered that Django incorrectly handled the API to strip tags. A remote attacker could possibly use this issue to cause Djan...
USN-7136-1: Django vulnerabilities
jiangniao discovered that Django incorrectly handled the API to strip tags. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service. CVE-2024-53907 Seokchan Yoon discovered that Django incorrectly handled HasKey lookups when using Oracl...
USN-7135-1: HAProxy vulnerability
Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg, and Harvey Tuch discovered that HAProxy incorrectly handled empty header names. A remote attacker could possibly use this issue to manipulate headers and bypass certain authentication checks and restrictions...
USN-7134-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-11692, CVE-2024-11694,...
USN-7133-1: HAProxy vulnerability
Yuki Mogi discovered that HAProxy incorrectly handled the interpretation of certain HTTP requests. A remote attacker could possibly use this issue to perform a request smuggling attack and obtain sensitive information...
USN-7132-1: PostgreSQL vulnerabilities
It was discovered that PostgreSQL incorrectly tracked tables with row security. A remote attacker could possibly use this issue to perform forbidden reads and modifications. CVE-2024-10976 Jacob Champion discovered that PostgreSQL clients used untrusted server error messages. An attacker that is...
USN-6846-2: Ansible regression
USN-6846-1 fixed vulnerabilities in ansible. The update introduced a regression in ansible. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Ansible incorrectly handled certain inputs when using towercallback parameter. If a user...
USN-7131-1: Vim vulnerability
It was discovered that Vim incorrectly handled memory when closing a buffer, leading to use-after-free. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service...
USN-7092-2: mpg123 vulnerability
USN-7092-1 fixed a vulnerability in mpg123. Bastien Roucariès discovered that the fix was incomplete on Ubuntu 20.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that mpg123 incorrectly handled certain mp3 files. If a user or...
USN-7126-1: libsoup vulnerabilities
It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could possibly use this issue to perform a HTTP request smuggling attack. CVE-2024-52530 It was discovered that libsoup did not correctly handle memory while performing UTF-8 conversions. An...
USN-7127-1: libsoup3 vulnerabilities
It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could possibly use this issue to perform a HTTP request smuggling attack. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2024-52530 It was discovered that libsoup did not...
USN-7130-1: GitHub CLI vulnerability
It was discovered that GitHub CLI incorrectly handled username validation. An attacker could possibly use this issue to perform remote code execution if the user connected to a malicious server. CVE-2024-52308...
USN-6988-2: Twisted vulnerability
USN-6988-1 fixed CVE-2024-41671 in Twisted. The USN incorrectly stated that previous releases were unaffected. This update provides the equivalent fix for Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: Ben Kallus discovered that Twisted incorrectly handled...
USN-7129-1: TinyGLTF vulnerability
It was discovered that TinyGLTF performed file path expansion in an insecure way on certain inputs. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code...
USN-7128-1: Pygments vulnerability
Sebastian Chnelik discovered that Pygments had an inefficient regex query for analyzing certain inputs. An attacker could possibly use this issue to cause a denial of service...
USN-7117-2: needrestart regression
USN-7117-1 fixed vulnerabilities in needrestart. The update introduced a regression in needrestart. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Qualys discovered that needrestart passed unsanitized data to a library libmodule-scandeps-perl which...
USN-7125-1: RapidJSON vulnerability
It was discovered that RapidJSON incorrectly parsed numbers written in scientific notation, leading to an integer underflow. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code...
USN-7121-3: Linux kernel (Oracle) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ATM...
USN-7124-1: OpenJDK 23 vulnerabilities
Andy Boothe discovered that the Networking component of OpenJDK 23 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. CVE-2024-21208 It was discovered that the Hotspot component of OpenJDK 23 did not...
USN-7015-6: Python regressions
USN-7015-5 fixed vulnerabilities in python2.7. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the Python email module incorrectly parsed email addresses that contain special...
USN-7120-3: Linux kernel (Low Latency) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - File systems infrastructure; - Network traffic control; CVE-2024-46800, CVE-2024-43882...
USN-7118-1: ZBar vulnerabilities
It was discovered that ZBar did not properly handle certain QR codes. If a user or automated system using ZBar were tricked into opening a specially crafted file, an attacker could possibly use this to obtain sensitive information. CVE-2023-40889 It was discovered that ZBar did not properly handl...
USN-7091-2: Ruby vulnerabilities
USN-7091-1 fixed several vulnerabilities in Ruby. This update provides the corresponding update for CVE-2024-35176, CVE-2024-41123, CVE-2024-41946 and CVE-2024-49761 for ruby2.7 in Ubuntu 20.04 LTS. Original advisory details: It was discovered that Ruby incorrectly handled parsing of an XML...
USN-7120-2: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - File systems infrastructure; - Network traffic control; CVE-2024-46800, CVE-2024-43882...
USN-7121-2: Linux kernel (Azure) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ATM...