10905 matches found
USN-5610-1: rust-regex vulnerability
Addison Crump discovered that rust-regex did not properly limit the complexity of the regular expressions regex it parses. An attacker could possibly use this issue to cause a denial of service...
USN-5583-2: systemd regression
USN-5583-1 fixed vulnerabilities in systemd. Unfortunately this caused a regression by introducing networking problems for some users. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that systemd incorrectly handled certain DNS...
USN-5609-1: .NET 6 vulnerability
Graham Esau discovered that .NET 6 incorrectly parsed certain payloads during model binding. An attacker could possibly use this issue to cause a denial of service...
USN-5608-1: DPDK vulnerability
It was discovered that DPDK incorrectly handled certain Vhost headers. A remote attacker could possibly use this issue to cause a denial of service...
USN-5607-1: GDK-PixBuf vulnerability
It was discovered that GDK-PixBuf incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code or cause a crash...
USN-5606-1: poppler vulnerability
It was discovered that poppler incorrectly handled certain PDF. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...
USN-5523-2: LibTIFF vulnerabilities
USN-5523-1 fixed several vulnerabilities in LibTIFF. This update provides the fixes for CVE-2022-0907, CVE-2022-0908, CVE-2022-0909, CVE-2022-0924 and CVE-2022-22844 for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that LibTIFF was not properly perf orming...
USN-5232-1: Fail2ban vulnerability
Jakub Żoczek discovered that certain Fail2ban actions handled whois responses in an insecure way. If Fail2ban was configured to use certain mail actions like 'mail-whois' on a target system, a remote attacker who was able to control whois responses to this target system could possibly execute...
USN-5605-1: Linux kernel (Azure CVM) vulnerabilities
Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. CVE-2021-33061 It was discovered that the virtual terminal driver in the...
USN-5181-1: jQuery UI vulnerability
It was discovered that jQuery UI did not properly validate the values from untrusted sources. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code. This issue affected only Ubuntu 18.04 ESM and Ubuntu 20.4 ESM. CVE-2021-41184 It was discovered that jQuery U...
USN-5604-1: LibTIFF vulnerabilities
It was discovered that LibTIFF incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. CVE-2022-2867, CVE-2022-2869 It was discovered that LibTIFF incorrectly handled certain files. An attacker could possibly u...
USN-5603-1: Linux kernel (Raspberry Pi) vulnerabilities
Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. CVE-2021-33061 It was discovered that the virtual terminal driver in the...
USN-5602-1: Linux kernel (Raspberry Pi) vulnerabilities
Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. CVE-2021-33061 Moshe Kol, Amit Klein and Yossi Gilad discovered that the I...
USN-4976-2: Dnsmasq vulnerability
USN-4976-1 fixed a vulnerability in Dnsmasq. This update provides the corresponding update for Ubuntu 16.04 ESM. Dnsmasq has been updated to 2.79-1 for Ubuntu 16.04 ESM in order to fix some security issues. Original advisory details: Petr Mensik discovered that Dnsmasq incorrectly randomized sour...
USN-5238-1: PostgreSQL JDBC Driver vulnerability
It was discovered that PostgreSQL JDBC Driver incorrectly handled certain requests from external entities. A remote attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code...
USN-5600-1: Linux kernel (HWE) vulnerabilities
Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. CVE-2021-33061 It was discovered that the virtual terminal driver in the...
USN-5599-1: Linux kernel (Oracle) vulnerabilities
Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. CVE-2021-33061 Moshe Kol, Amit Klein and Yossi Gilad discovered that the I...
USN-5598-1: Linux kernel (Oracle) vulnerability
It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...
USN-5597-1: Linux kernel (Oracle) vulnerability
It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...
USN-5591-4: Linux kernel (AWS) vulnerability
It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...
USN-5596-1: Linux kernel (OEM) vulnerabilities
Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. CVE-2021-33061 It was discovered that the framebuffer driver on the Linux...
USN-5595-1: Linux kernel vulnerabilities
Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. CVE-2021-33061 It was discovered that the virtual terminal driver in the...
USN-5216-1: hosted-git-info vulnerability
It was discovered that hosted-git-info incorrectly handled certain inputs. A remote attacker could use this to cause a denial of service...
USN-5594-1: Linux kernel vulnerabilities
Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. CVE-2021-33061 Moshe Kol, Amit Klein and Yossi Gilad discovered that the I...
USN-5593-1: Zstandard vulnerability
It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code...
USN-5587-1: curl vulnerability
Axel Chong discovered that when curl accepted and sent back cookies containing control bytes that a HTTPS server might return a 400 Bad Request Error response. A malicious cookie host could possibly use this to cause denial-of-service...
USN-5592-1: Linux kernel vulnerabilities
Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. CVE-2021-33061 It was discovered that the virtual terminal driver in the...
USN-5591-3: Linux kernel vulnerability
It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...
USN-5591-2: Linux kernel (HWE) vulnerability
It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...
USN-5591-1: Linux kernel vulnerability
It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...
USN-5590-1: Linux kernel (OEM) vulnerability
Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service system crash...
USN-5589-1: Linux kernel vulnerabilities
Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. CVE-2021-33061 It was discovered that the virtual terminal driver in the...
USN-5190-1: GraphicsMagick vulnerabilities
It was discovered that GraphicsMagick allowed reading arbitrary files via specially crafted images. An attacker could use this issue to expose sensitive information. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. CVE-2019-12921 It was discovered that...
USN-5588-1: Linux kernel vulnerability
Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service system crash or execute arbitrary code...
USN-5572-2: Linux kernel (AWS) vulnerabilities
Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information guest kernel memory. CVE-2022-26365 Roger Pau Monné...
USN-5585-1: Jupyter Notebook vulnerabilities
It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting XSS attacks on the notebook server. This issue only affected Ubuntu 18.04 LTS. CVE-2018-19351 It...
USN-4780-1: LAME vulnerabilities
It was discovered that LAME incorrectly handled certain audio files. A remote attacker could possibly use this issue to cause a denial of service. Eight vulnerabilities CVE-2015-9099, CVE-2015-9100, CVE-2015-9101, CVE-2017-15018, CVE-2017-11720, CVE-2017-8419, CVE-2017-9412, CVE-2017-15045 only...
USN-5586-1: SDL vulnerability
It was discovered that SDL Simple DirectMedia Layer incorrectly handled memory. An attacker could potentially use this issue to cause a denial of service or other unexpected behavior...
USN-5584-1: Schroot vulnerability
It was discovered that Schroot incorrectly handled certain Schroot names. An attacker could possibly use this issue to break schroot's internal state causing a denial of service...
USN-5583-1: systemd vulnerability
It was discovered that systemd incorrectly handled certain DNS requests, which leads to user-after-free vulnerability. An attacker could possibly use this issue to cause a crash or execute arbitrary code. CVE-2022-2526...
USN-5582-1: Linux kernel (Azure CVM) vulnerabilities
Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations. CVE-2022-34918 Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux...
USN-5581-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the contents of the addressbar, bypass security restrictions, or execute arbitrary code...
USN-5578-2: Open VM Tools vulnerability
USN-5578-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Open VM Tools incorrectly handled certain requests. An attacker inside the guest could possibly use this issue to gain root...
USN-5580-1: Linux kernel (AWS) vulnerabilities
It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 It was...
USN-5579-1: Linux kernel vulnerabilities
Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information guest kernel memory. CVE-2022-26365 Roger Pau Monné...
USN-5290-1: Symfony vulnerabilities
James Isaac and Mathias Brodala discovered that Symfony incorrectly handled switch users functionality. An attacker could possibly use this issue to enumerate users. CVE-2021-21424 It was discovered that Symfony incorrectly handled certain specially crafted CSV files. An attacker could possibly u...
USN-5578-1: Open VM Tools vulnerability
It was discovered that Open VM Tools incorrectly handled certain requests. An attacker inside the guest could possibly use this issue to gain root privileges inside the virtual machine...
LSN-0089-1: Kernel Live Patch Security Notice
Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or execute arbitrary code...
USN-5342-2: Python vulnerabilities
USN-5342-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain FTP requests. An attacker could possibly use this iss...
USN-5577-1: Linux kernel (OEM) vulnerabilities
Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. CVE-2021-33061 It was discovered that the framebuffer driver on the Linux...