10905 matches found
USN-5727-2: Linux kernel (GCP) vulnerabilities
It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service system crash. CVE-2022-20422 It was discovered that the KVM implementation in the Linux kernel did not properly handl...
USN-5686-2: Git vulnerability
USN-5686-1 fixed several vulnerabilities in Git. This update provides the corresponding fix for CVE-2022-39260 on Ubuntu 16.04 ESM. Original advisory details: Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to cause a cras...
USN-5732-1: Unbound vulnerability
It was discovered that Unbound incorrectly handled delegations with a large number of non-responsive nameservers. A remote attacker could possibly use this issue to cause Unbound to consume resources, leading to a denial of service...
USN-5731-1: multipath-tools vulnerabilities
It was discovered that multipath-tools incorrectly handled symlinks. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. CVE-2022-41973 It was discovered that...
USN-5730-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...
USN-5638-2: Expat vulnerabilities
USN-5638-1 fixed a vulnerability in Expat. This update provides the corresponding updates for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that Expat incorrectly handled memory in out-of-memory situations. An attacker could possibly use this issue to cause a crash,...
USN-5729-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service system crash. CVE-2022-20422 Hsin-Wei Hung discovered that the BPF subsystem in the Linux kernel contained an...
USN-5728-1: Linux kernel vulnerabilities
Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-427...
USN-5727-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service system crash. CVE-2022-20422 It was discovered that the KVM implementation in the Linux kernel did not properly handl...
USN-5726-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the contents of the addressbar, bypass security restrictions, cross-site tracing or execute arbitra...
LSN-0090-1: Kernel Live Patch Security Notice
David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2022-1015 David Bouman and Billy Jheng Bing Jhong discovered that a...
USN-5625-2: Mako vulnerability
USN-5625-1 fixed a vulnerability in Mako. This update provides the corresponding update for Ubuntu 22.10. Original advisory details: It was discovered that Mako incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service...
USN-5725-1: Go vulnerability
Diederik Loerakker, Jonny Rhea, Raúl Kripalani, and Preston Van Loon discovered that Go incorrectly handled certain inputs. An attacker could possibly use this issue to cause Go applications to hang or crash, resulting in a denial of service...
USN-5722-1: nginx vulnerabilities
It was discovered that nginx incorrectly handled certain memory operations in the ngxhttpmp4module module. A local attacker could possibly use this issue with a specially crafted mp4 file to cause nginx to crash, stop responding, or access arbitrary memory. CVE-2022-41741, CVE-2022-41742...
USN-5723-1: Vim vulnerabilities
It was discovered that Vim could be made to crash when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. CVE-2022-1674 It was discovered that there existed a NULL pointer dereference in Vim. An attacker could possibly use this to...
USN-5724-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass Content Security Policy CSP or other security restrictions, or execute...
USN-5721-1: WavPack vulnerability
It was discovered that WavPack was not properly performing checks when dealing with memory. If a user were tricked into decompressing a specially crafted WavPack Audio File, an attacker could possibly use this issue to cause the WavPack decompressor to crash, resulting in a denial of service...
USN-5709-2: Firefox vulnerabilities
USN-5709-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted...
USN-5720-1: Zstandard vulnerabilities
It was discovered that Zstandard was not properly managing file permissions when generating output files. A local attacker could possibly use this issue to cause a race condition and gain unauthorized access to sensitive data...
USN-5719-1: OpenJDK vulnerabilities
It was discovered that OpenJDK incorrectly handled long client hostnames. An attacker could possibly use this issue to cause the corruption of sensitive information. CVE-2022-21619 It was discovered that OpenJDK incorrectly randomized DNS port numbers. A remote attacker could possibly use this...
USN-5717-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. CVE-2022-31628 It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise the data CVE-2022-31629...
USN-5718-1: pixman vulnerability
Maddie Stone discovered that pixman incorrectly handled certain memory operations. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-5714-1: LibTIFF vulnerabilities
It was discovered that LibTIFF incorrectly handled certain memory operations when using tiffcrop. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to cause a denial of service. This issue only affected Ubuntu 22.10. CVE-2022-2519,...
USN-5658-2: DHCP vulnerabilities
USN-5658-1 fixed vulnerabilities in DHCP. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: It was discovered that DHCP incorrectly handled option reference counting. A remote attacker could possibly use this issue to cause DHCP servers to crash,...
USN-5716-1: SQLite vulnerability
It was discovered that SQLite incorrectly handled certain long string arguments. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-5715-1: LibRaw vulnerabilities
It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-5713-1: Python vulnerability
Devin Jeanpierre discovered that Python incorrectly handled sockets when the multiprocessing module was being used. A local attacker could possibly use this issue to execute arbitrary code and escalate privileges...
USN-5712-1: SQLite vulnerability
It was discovered that SQLite did not properly handle large string inputs in certain circumstances. An attacker could possibly use this issue to cause a denial of service or arbitrary code execution...
USN-5711-2: NTFS-3G vulnerability
USN-5711-1 fixed a vulnerability in NTFS-3G. This update provides the corresponding update for Ubuntu 14.04 ESM Ubuntu 16.04 ESM. Original advisory details: Yuchen Zeng and Eduardo Vela discovered that NTFS-3G incorrectly validated certain NTFS metadata. A local attacker could possibly use this...
USN-5711-1: NTFS-3G vulnerability
Yuchen Zeng and Eduardo Vela discovered that NTFS-3G incorrectly validated certain NTFS metadata. A local attacker could possibly use this issue to gain privileges...
USN-5710-1: OpenSSL vulnerabilities
It was discovered that OpenSSL incorrectly handled certain X.509 Email Addresses. If a certificate authority were tricked into signing a specially-crafted certificate, a remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. The default compiler...
USN-5709-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2022-42927, CVE-2022-42928,...
USN-5708-1: backport-iwlwifi-dkms vulnerabilities
Sönke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-41674 Sönke Hust...
USN-5707-1: Libtasn1 vulnerability
It was discovered that Libtasn1 did not properly perform bounds checking. An attacker could possibly use this issue to cause a crash...
USN-5705-1: LibTIFF vulnerabilities
Chintan Shah discovered that LibTIFF incorrectly handled memory in certain conditions. An attacker could trick a user into processing a specially crafted image file and potentially use this issue to allow for information disclosure or to cause the application to crash. CVE-2022-3570 It was...
USN-5706-1: Linux kernel (Azure CVM) vulnerabilities
It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information kernel memory. CVE-2021-4159 It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2...
USN-5704-1: DBus vulnerabilities
It was discovered that DBus incorrectly handled messages with invalid type signatures. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. CVE-2022-42010 It was discovered that DBus was incorrectly validating the length of arrays of fixed-lengt...
USN-5703-1: Linux kernel (Intel IoTG) vulnerabilities
Selim Enes Karaduman discovered that a race condition existed in the General notification queue implementation of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-188...
USN-5702-2: curl vulnerability
USN-5702-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications...
USN-5696-2: MySQL vulnerabilities
USN-5696-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to...
USN-5702-1: curl vulnerabilities
Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. CVE-2022-32221 Hiroki Kurosawa discovered that curl incorrectly handled parsin...
USN-5701-1: Jinja2 vulnerability
Yeting Li discovered that Jinja2 incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service...
USN-5700-1: Linux kernel vulnerabilities
David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the iouring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-2602...
USN-5688-2: Libksba vulnerability
USN-5688-1 fixed vulnerabilities in Libksba. This update provides the corresponding update for Ubuntu 22.10. Original advisory details: It was discovered that an integer overflow could be triggered in Libksba when decoding certain data. An attacker could use this issue to cause a denial of servic...
USN-5699-1: GNU C Library vulnerabilities
Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could possibly use this issue to cause the GNU C Library to hang or crash, resulting in a denial of service. CVE-2021-3326 It was discovered that the...
USN-5698-2: Open vSwitch vulnerability
USN-5698-1 fixed a vulnerability in Open. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Open vSwitch incorrectly handled comparison of certain minimasks. A remote attacker could use this issue to cause Open vSwitch to crash,...
USN-5698-1: Open vSwitch vulnerability
It was discovered that Open vSwitch incorrectly handled comparison of certain minimasks. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-5697-1: Barbican vulnerability
Douglas Mendizabal discovered that Barbican incorrectly handled certain query strings. A remote attacker could possibly use this issue to bypass the access policy...
USN-5227-3: Pillow vulnerability
USN-5227-1 fixed vulnerabilities in Pillow. It was discovered that the fix for CVE-2022-22817 was incomplete. This update fixes the problem. Original advisory details: It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a...
USN-5696-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.31 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Ubuntu 18.04 LTS has been updated to MySQL 5.7.40. In addition to security fixes, the updated...