10889 matches found
USN-6005-2: Sudo vulnerabilities
USN-6005-1 fixed vulnerabilities in Sudo. This update provides the corresponding updates for Ubuntu 16.04 LTS. Original advisory details: Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly escaped control characters in log messages and sudoreplay output. An attacker could...
USN-6110-1: Jhead vulnerabilities
It was discovered that Jhead did not properly handle certain crafted Canon images when processing them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS...
USN-6097-1: Linux PTP vulnerability
It was discovered that Linux PTP did not properly perform a length check when forwarding a PTP message between ports. A remote attacker could possibly use this issue to access sensitive information, execute arbitrary code, or cause a denial of service...
USN-6109-1: Linux kernel (Raspberry Pi) vulnerabilities
Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service system crash. CVE-2022-3707 Jordy Zomer and Alexandra Sandulescu discover...
USN-6054-2: Django vulnerability
USN-6054-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Moataz Al-Sharida and nawaik discovered that Django incorrectly handled uploading multiple files using one form field. A remote attacker...
USN-6108-1: Jhead vulnerabilities
It was discovered that Jhead did not properly handle certain crafted images while rotating them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. CVE-2021-34055 Kyle Brown discovered that Jhead did not properly handle certain crafted images while...
USN-6105-2: ca-certificates update
USN-6105-1 updated ca-certificates. This provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.60 version o...
USN-6106-1: calamares-settings-ubuntu vulnerability
It was discovered that calamares-settings-ubuntu allowed creating the first user with a blank password, contrary to expectations...
USN-6105-1: ca-certificates update
The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.60 version of the Mozilla certificate authority bundle...
USN-6104-1: PostgreSQL vulnerabilities
Alexander Lakhin discovered that PostgreSQL incorrectly handled certain CREATE privileges. An authenticated user could possibly use this issue to execute arbitrary code as the bootstrap supervisor. CVE-2023-2454 Wolfgang Walther discovered that PostgreSQL incorrectly handled certain row security...
USN-6103-1: JSON Schema vulnerability
It was discovered that JSON Schema incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to exploit JavaScript runtimes and cause a denial of service or execute arbitrary code...
USN-6102-1: xmldom vulnerabilities
It was discovered that xmldom incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause unexpected syntactic changes during XML processing. This issue only affected Ubuntu...
USN-6074-3: Firefox regressions
USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were...
USN-6101-1: GNU binutils vulnerabilities
It was discovered that GNU binutils incorrectly handled certain DWARF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 22.10. CVE-2023-1579 It was discovered that GNU binutils did not properly verify the version definitio...
USN-6100-1: HTML::StripScripts vulnerability
It was discovered that HTML::StripScripts does not properly parse HTML content with certain style attributes. A remote attacker could use this issue to cause a regular expression denial of service ReDoS...
USN-5996-2: Libloius vulnerabilities
USN-5996-1 fixed vulnerabilities in Liblouis. This update provides the corresponding updates for Ubuntu 23.04. Original advisory details: It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. CVE-2023-26767,...
USN-6098-1: Jhead vulnerabilities
It was discovered that Jhead did not properly handle certain crafted images while processing the JFIF markers. An attacker could cause Jhead to crash. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. CVE-2019-19035 It was discovered that Jhead did not properly...
USN-6088-2: runC vulnerabilities
USN-6088-1 fixed vulnerabilities in runC. This update provides the corresponding updates for Ubuntu 16.04 LTS. It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could possibly use this issue to escalate privileges. CVE-2019-19921...
USN-6042-2: Cloud-init regression
USN-6042-1 fixed a vulnerability in Cloud-init. The update introduced a regression on Ubuntu 20.04 LTS resulting in a possible loss of networking. This update fixes the problem. We apologize for the inconvenience. Original advisory details: James Golovich discovered that sensitive data could be...
USN-5725-2: Go vulnerability
USN-5725-1 fixed a vulnerability in Go. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Diederik Loerakker, Jonny Rhea, Raúl Kripalani, and Preston Van Loon discovered that Go incorrectly handled certain inputs. An attacker could possibly use this...
USN-6073-9: os-brick regression
USN-6073-4 fixed a vulnerability in os-brick. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. We apologize for the inconvenience. Original advisory details: Jan Wasilewski and Gorka Eguileor discovered that...
USN-6073-8: Nova regression
USN-6073-3 fixed a vulnerability in Nova. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. We apologize for the inconvenience. Original advisory details: Jan Wasilewski and Gorka Eguileor discovered that Nova...
USN-6099-1: ncurses vulnerabilities
It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. CVE-2019-17594 It was discovered that...
USN-6073-7: Glance_store regression
USN-6073-2 fixed a vulnerability in Glancestore. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. We apologize for the inconvenience. Original advisory details: Jan Wasilewski and Gorka Eguileor discovered th...
USN-6073-6: Cinder regression
USN-6073-1 fixed a vulnerability in Cinder. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. We apologize for the inconvenience. Original advisory details: Jan Wasilewski and Gorka Eguileor discovered that...
USN-6096-1: Linux kernel vulnerabilities
It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. CVE-2022-27672 Ziming Zhang discovered that the VMware Virtual GPU DR...
USN-6095-1: Linux kernel vulnerabilities
Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information kernel memory. CVE-2023-0459 Xingyuan Mo discovered that the...
USN-6094-1: Linux kernel vulnerabilities
Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service system crash. CVE-2022-3707 Jordy Zomer and Alexandra Sandulescu discover...
USN-6093-1: Linux kernel (BlueField) vulnerabilities
It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the...
USN-5900-2: tar vulnerability
USN-5900-1 fixed vulnerabilities in tar. This update fixes it to Ubuntu 23.04. Original advisory details: It was discovered that tar incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information or cause a crash...
USN-6092-1: Linux kernel (Azure) vulnerabilities
Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information kernel memory. CVE-2023-0459 Xingyuan Mo discovered that the...
USN-6091-1: Linux kernel vulnerabilities
It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. CVE-2022-27672 Ziming Zhang discovered that the VMware Virtual GPU DR...
USN-6107-1: Linux kernel (GCP) vulnerabilities
It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the...
USN-6090-1: Linux kernel vulnerabilities
It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. CVE-2022-27672 Zheng Wang discovered that the Intel i915 graphics...
USN-6089-1: Linux kernel (OEM) vulnerability
It was discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code...
USN-6088-1: runC vulnerabilities
It was discovered that runC incorrectly made /sys/fs/cgroup writable when in rootless mode. An attacker could possibly use this issue to escalate privileges. CVE-2023-25809 It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could...
USN-6087-1: Ruby vulnerabilities
It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. CVE-2023-28755 It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possily use this issue to cause a deni...
USN-6086-1: minimatch vulnerability
It was discovered that minimatch incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service...
USN-6085-1: Linux kernel (Raspberry Pi) vulnerabilities
It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. CVE-2022-27672 Zheng Wang discovered that the Intel i915 graphics...
USN-6084-1: Linux kernel vulnerabilities
Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information kernel memory. CVE-2023-0459 Xingyuan Mo discovered that the...
USN-6083-1: cups-filters vulnerability
It was discovered that cups-filters incorrectly handled the beh CUPS backend. A remote attacker could possibly use this issue to cause the backend to stop responding or to execute arbitrary code...
USN-6050-2: Git vulnerabilities
USN-6050-1 fixed several vulnerabilities in Git. This update provides the corresponding updates for CVE-2023-25652 and CVE-2023-29007 on Ubuntu 16.04 LTS. Original advisory details: It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to...
USN-6082-1: EventSource vulnerability
It was discovered that EventSource incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information...
USN-6081-1: Linux kernel vulnerabilities
Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information kernel memory. CVE-2023-0459 Xingyuan Mo discovered that the...
USN-6080-1: Linux kernel vulnerabilities
It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. CVE-2022-27672 Zheng Wang discovered that the Intel i915 graphics...
USN-6079-1: Linux kernel vulnerabilities
It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. CVE-2022-27672 Ziming Zhang discovered that the VMware Virtual GPU DR...
USN-6078-1: libwebp vulnerability
Irvan Kurniawan discovered that libwebp incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute...
USN-6077-1: OpenJDK vulnerabilities
Ben Smyth discovered that OpenJDK incorrectly handled half-duplex connections during TLS handshake. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. CVE-2023-21930 It was discovered that OpenJDK incorrectly handled certain inputs. An attacker could...
USN-6076-1: Synapse vulnerabilities
It was discovered that Synapse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. CVE-2019-18835, CVE-2018-12291, CVE-2018-10657 It was...
USN-6074-2: Firefox regressions
USN-6074-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted...