10806 matches found
USN-6343-1: Linux kernel (OEM) vulnerabilities
It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service excessive CPU consumption. CVE-2023-1206 Ross Lagerwall discovered that the Xen netback backend...
USN-6342-1: Linux kernel vulnerabilities
Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. CVE-2023-20593 Zheng Zhang discovered that the device-mapper implementation in the Linux kernel...
USN-6341-1: Linux kernel vulnerabilities
Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the doprlimit function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information kernel memory. CVE-2023-0458 It was discovered that a...
USN-6340-1: Linux kernel vulnerabilities
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service bluetooth communication. CVE-2023-2002 Zi Fan Tan discovered that the binder IPC...
USN-6339-1: Linux kernel vulnerabilities
It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate MFT flags in certain situations. An attacker could use this to construct a malicious NTFS image that, when mounted and operated on, could cause a denial of service system crash. CVE-2022-48425...
USN-6338-1: Linux kernel vulnerabilities
Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-21255 It was discovered that a race condition existed in th...
LSN-0097-1: Kernel Live Patch Security Notice
It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code.CVE-2023-3090...
USN-6337-1: Linux kernel (Azure) vulnerabilities
It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service infinite recursion. CVE-2020-36691 Billy Jheng Bing Jhong discovered that the CIFS network...
USN-6336-1: Docker Registry vulnerabilities
It was discovered that Docker Registry incorrectly handled certain crafted input, which allowed remote attackers to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. CVE-2017-11468 It was discovered that Docker Registry incorrectly handled certain crafted input. An attacker...
USN-6335-1: BusyBox vulnerabilities
It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing a specially crafted gzip archive, a remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or execute arbitrary...
USN-6334-1: atftp vulnerabilities
Peter Wang discovered that atftp did not properly manage certain inputs. A remote attacker could send a specially crafted tftp request to the server to cause a crash. CVE-2020-6097 Andreas B. Mundt discovered that atftp did not properly manage certain inputs. A remote attacker could send a...
USN-6333-1: Thunderbird vulnerabilities
Junsung Lee discovered that Thunderbird did not properly validate the text direction override unicode character in filenames. An attacker could potentially exploits this issue by spoofing file extension while attaching a file in emails. CVE-2023-3417 Max Vlasov discovered that Thunderbird Offscre...
USN-6332-1: Linux kernel (Azure) vulnerabilities
Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 William Zhao discovered that the Traffic Control T...
USN-6331-1: Linux kernel (Azure) vulnerabilities
It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service infinite recursion. CVE-2020-36691 Billy Jheng Bing Jhong discovered that the CIFS network...
USN-6330-1: Linux kernel (GCP) vulnerabilities
Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 Tavis Ormandy discovered that some AMD processors...
USN-6329-1: Linux kernel vulnerabilities
Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 Tavis Ormandy discovered that some AMD processors...
USN-6328-1: Linux kernel (Oracle) vulnerabilities
Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 Tavis Ormandy discovered that some AMD processors...
USN-6327-1: Linux kernel (KVM) vulnerabilities
Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during tableclear operations. A local attacker could use this to cause a denial of service kernel deadlock. CVE-2023-2269 It was discovered that a use-after-free vulnerability existed ...
USN-6326-1: GitPython vulnerability
It was discovered that GitPython did not block insecure options from user inputs in the clone command. An attacker could possibly use this issue to execute arbitrary commands on the host...
USN-6325-1: Linux kernel vulnerabilities
Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 Tavis Ormandy discovered that some AMD processors...
USN-6324-1: Linux kernel (GKE) vulnerabilities
Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 Tavis Ormandy discovered that some AMD processors...
USN-6323-1: FRR vulnerability
Ben Cartwright-Cox discovered that FRR did not handle RFC 7606 attributes properly. A remote attacker could possibly use this to cause denial of service...
USN-6322-1: elfutils vulnerabilities
It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS...
USN-6321-1: Linux kernel vulnerabilities
Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 Tavis Ormandy discovered that some AMD processors...
USN-6263-2: OpenJDK regression
USN-6263-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when opening APK, ZIP or JAR files in OpenJDK 11 and OpenJDK 17. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Motoyasu Saburi discovered that OpenJDK...
USN-6320-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2023-4573, CVE-2023-4574,...
USN-6319-1: AMD Microcode vulnerability
Daniël Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel...
USN-6318-1: Linux kernel vulnerabilities
Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 Tavis Ormandy discovered that some AMD processors...
USN-6317-1: Linux kernel vulnerabilities
Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 Tavis Ormandy discovered that some AMD processors...
USN-6316-1: Linux kernel (OEM) vulnerabilities
Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 Tavis Ormandy discovered that some AMD processors...
USN-6315-1: Linux kernel vulnerabilities
Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 Tavis Ormandy discovered that some AMD processors...
USN-6314-1: Linux kernel vulnerabilities
It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service infinite recursion. CVE-2020-36691 Billy Jheng Bing Jhong discovered that the CIFS network...
USN-6313-1: FAAD2 vulnerabilities
It was discovered that FAAD2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. CVE-2021-32272, CVE-2021-32273, CVE-2021-32274, CVE-2021-32277,...
USN-6312-1: Linux kernel vulnerabilities
It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service infinite recursion. CVE-2020-36691 Billy Jheng Bing Jhong discovered that the CIFS network...
USN-6311-1: Linux kernel vulnerabilities
William Zhao discovered that the Traffic Control TC subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service kernel deadlock. CVE-2022-4269 It was discovered that the NTFS file system...
USN-6310-1: json-c vulnerability
It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...
USN-6309-1: Linux kernel vulnerabilities
Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during tableclear operations. A local attacker could use this to cause a denial of service kernel deadlock. CVE-2023-2269 It was discovered that a use-after-free vulnerability existed ...
USN-6308-1: Libqb vulnerability
It was discovered that Libqb incorrectly handled certain messages. An attacker could possibly use this issue to cause a crash or execute arbitrary code...
USN-6307-1: JOSE for C/C++ vulnerability
It was discovered that JOSE for C/C++ AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. An attacker could use this to cause a denial of service system crash or might expose sensitive information...
USN-6306-1: Fast DDS vulnerabilities
It was discovered that Fast DDS incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service and information exposure. This issue only affected Ubuntu 22.04 LTS. CVE-2021-38425 It was discovered that Fast DDS incorrectly handled certain inputs. ...
USN-6305-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. CVE-2023-3823 It was discovered that PHP incorrectly handled certain PHAR files. An attacker could possibly use this issue to cause a crash, expose sensitiv...
USN-6304-1: Inetutils vulnerabilities
It was discovered that telnetd in GNU Inetutils incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS CVE-2022-39028 It was discovered that Inetutils incorrectly handled certain inputs. An...
USN-6303-2: ClamAV vulnerability
USN-6303-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: It was discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use this issue ...
USN-6303-1: ClamAV vulnerability
It was discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service...
USN-6302-1: Vim vulnerabilities
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. CVE-2022-2522, CVE-2022-2580,...
USN-6267-3: Firefox regressions
USN-6267-1 fixed vulnerabilities and USN-6267-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were...
USN-6301-1: Linux kernel vulnerabilities
It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service infinite recursion. CVE-2020-36691 Billy Jheng Bing Jhong discovered that the CIFS network...
USN-6300-1: Linux kernel vulnerabilities
William Zhao discovered that the Traffic Control TC subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service kernel deadlock. CVE-2022-4269 It was discovered that the NTFS file system...
USN-6299-1: poppler vulnerabilities
It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service. CVE-2020-36023, CVE-2020-36024...
USN-6294-2: HAProxy vulnerability
USN-6294-1 fixed vulnerabilities in HAProxy. This update provides the corresponding updates for Ubuntu 20.04 LTS. Original advisory details: Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length headers. A remote attacker could possibly use this issue to manipulate the paylo...