10905 matches found
USN-5159-1: bl vulnerability
It was discovered that bl incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service...
USN-4987-2: ExifTool vulnerability
USN-4987-1 fixed a vulnerability in ExifTool. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that ExifTool did not properly sanitize user data for the DjVu file format. An attacker could use this vulnerability to cause a DoS or...
USN-5223-2: Apache Log4j 1.2 vulnerability
USN-5223-1 fixed a vulnerability in Apache Log4j 1.2. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Apache Log4j 1.2 was vulnerable to deserialization of untrusted data if the configuration file was editable. An attacker coul...
USN-5276-1: NVIDIA graphics drivers vulnerabilities
It was discovered that the NVIDIA graphics drivers incorrectly handled permissions in the kernel mode layer. A local attacker could use this issue to write to protected memory and cause a denial of service...
USN-4754-5: Python vulnerability
USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177 in Ubuntu 14.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain inputs. A...
USN-5143-1: Leptonica vulnerability
It was discovered that Leptonica incorrectly handled certain image files. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact...
USN-5275-1: BlueZ vulnerability
Ziming Zhang discovered that BlueZ incorrectly handled memory write operations in its gatt server. A remote attacker could possibly use this to cause BlueZ to crash leading to a denial of service, or potentially remotely execute code. CVE-2022-0204...
USN-5274-1: Simple DirectMedia Layer vulnerabilities
It was discovered that Simple DirectMedia Layer library incorrectly handled memory when parsing certain specially crafted .BMP files. An attacker could possibly use these issues to crash the application or execute arbitrary code...
USN-5269-2: Django vulnerabilities
USN-5269-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Keryn Knight discovered that Django incorrectly handled certain template tags. A remote attacker could possibly use this issue to...
USN-5258-1: WeeChat vulnerabilities
Stuart Nevans Locke discovered that WeeChat's relay plugin insecurely handled malformed websocket frames. A remote attacker in control of a server could possibly use this issue to cause denial of service in a client. CVE-2021-40516 Stuart Nevans Locke discovered that WeeChat insecurely handled...
USN-5262-1: GPT fdisk vulnerabilities
The potential for an out of bounds write due to a missing bounds check was discovered to impact the sgdisk utility of GPT fdisk. Exploitation requires the use of a maliciously formatted storage device and could cause sgdisk to crash as well as possibly allow for local privilege escalation...
USN-5264-1: Graphviz vulnerabilities
It was discovered that graphviz contains null pointer dereference vulnerabilities. Exploitation via a specially crafted input file can cause a denial of service. CVE-2018-10196, CVE-2019-11023 It was discovered that graphviz contains a buffer overflow vulnerability. Exploitation via a specially...
USN-5030-2: Perl DBI module vulnerabilities
USN-5030-1 addressed vulnerabilities in Perl DBI module. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Perl DBI module incorrectly opened files outside of the folder specified in the data source name. A remote attacker...
USN-5270-2: MySQL vulnerabilities
USN-5270-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to...
USN-5270-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.28 in Ubuntu 20.04 LTS and Ubuntu 21.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.37. In addition to security fixes, the updated packages...
USN-5269-1: Django vulnerabilities
Keryn Knight discovered that Django incorrectly handled certain template tags. A remote attacker could possibly use this issue to perform a cross-site scripting attack. CVE-2022-22818 Alan Ryan discovered that Django incorrectly handled file uploads. A remote attacker could possibly use this issu...
USN-5260-3: Samba vulnerability
USN-5260-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Orange Tsai discovered that the Samba vfsfruit module incorrectly handled certain memory operations. A remote attacker could use this issu...
USN-5268-1: Linux kernel vulnerabilities
Keyu Man discovered that the ICMP implementation in the Linux kernel did not properly handle received ICMP error packets. A remote attacker could use this to facilitate attacks on UDP based services that depend on source port randomization. CVE-2021-20322 It was discovered that the Bluetooth...
USN-5265-1: Linux kernel vulnerabilities
Jeremy Cline discovered a use-after-free in the nouveau graphics driver of the Linux kernel during device removal. A privileged or physically proximate attacker could use this to cause a denial of service system crash. CVE-2020-27820 It was discovered that the Bluetooth subsystem in the Linux...
USN-5267-1: Linux kernel vulnerabilities
It was discovered that the Bluetooth subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-3640 Likang Luo discovered that a race condition existed in the...
USN-5266-1: Linux kernel (GKE) vulnerabilities
It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-22600 Luo Likang discovered that the FireDTV Firewire...
USN-5261-1: Phusion Passenger vulnerabilities
It was discovered that Phusion Passenger incorrectly handled a file path in the application root folder. An attacker could possibly use this issue to read arbitrary files. CVE-2017-16355 It was discovered that Phusion Passenger had a race condition in the nginx module that could be used to perfor...
USN-5259-1: Cron vulnerabilities
It was discovered that the postinst maintainer script in Cron unsafely handled file permissions during package install or update operations. An attacker could possibly use this issue to perform a privilege escalation attack. CVE-2017-9525 Florian Weimer discovered that Cron incorrectly handled...
USN-5260-2: Samba vulnerability
Orange Tsai discovered that the Samba vfsfruit module incorrectly handled certain memory operations. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code as root. CVE-2021-44142...
USN-5260-1: Samba vulnerabilities
Orange Tsai discovered that the Samba vfsfruit module incorrectly handled certain memory operations. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code as root. CVE-2021-44142 Michael Hanselmann discovered that Samb...
USN-5257-1: ldns vulnerabilities
It was discovered that ldns incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. CVE-2020-19860, CVE-2020-19861...
USN-5255-1: WebKitGTK vulnerabilities
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-5064-2: GNU cpio vulnerability
USN-5064-1 fixed vulnerabilities in GNU cpio. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to cras...
USN-5254-1: shadow vulnerabilities
It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. CVE-2017-12424 It was discovered that shadow incorrectly handled certain...
USN-5247-1: Vim vulnerabilities
It was discovered that vim incorrectly handled parsing of filenames in its search functionality. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service. This issue only affected Ubuntu 21.10. CVE-2021-3973 It was...
USN-5193-2: X.Org X Server vulnerabilities
USN-5193-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause t...
USN-5252-2: PolicyKit vulnerability
USN-5252-1 fixed a vulnerability in policykit-1. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the PolicyKit pkexec tool incorrectly handled command-line arguments. A local attacker could use this issue t...
USN-5252-1: PolicyKit vulnerability
It was discovered that the PolicyKit pkexec tool incorrectly handled command-line arguments. A local attacker could use this issue to escalate privileges to an administrator...
USN-4586-2: PHP ImageMagick vulnerability
USN-4586-1 fixed vulnerabilities in PHP ImageMagick. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that PHP ImageMagick extension didn't check the address used by an array. An attacker could use this issue to cause PHP ImageMagick...
USN-5250-2: strongSwan vulnerability
USN-5250-1 fixed a vulnerability in strongSwan. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Zhuowei Zhang discovered that stringSwan incorrectly handled EAP authentication. A remote attacker could use this issue to cause...
USN-5250-1: strongSwan vulnerability
Zhuowei Zhang discovered that stringSwan incorrectly handled EAP authentication. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly bypass client and server authentication...
USN-5230-1: App::cpanminus vulnerability
It was discovered that App::cpanminus did not properly verify CHECKSUMS files. An attacker could possibly use this issue to bypass signature verification, gaining access to sensitive data or possibly executing unauthorized code...
USN-5248-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions,...
USN-5249-1: USBView vulnerability
It was discovered that USBView allowed unprivileged users to run usbview as root. A local attacker could use this vulnerability to gain administrative privileges or cause a denial of service...
USN-5246-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct spoofing attacks, bypass security...
USN-5244-1: DBus vulnerability
Daniel Onaca discovered that DBus contained a use-after-free vulnerability, caused by the incorrect handling of usernames sharing the same UID. An attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service...
USN-5243-2: AIDE vulnerability
USN-5243-1 fixed a vulnerability in aide. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: David Bouman discovered that AIDE incorrectly handled base64 operations. A local attacker could use this issue to cause AIDE to crash,...
USN-5243-1: AIDE vulnerability
David Bouman discovered that AIDE incorrectly handled base64 operations. A local attacker could use this issue to cause AIDE to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-5242-1: Open vSwitch vulnerability
It was discovered that Open vSwitch incorrectly handled certain fragmented packets. A remote attacker could possibly use this issue to cause Open vSwitch to consume resources, leading to a denial of service...
USN-5021-2: curl vulnerability
USN-5021-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data...
LSN-0084-1: Kernel Live Patch Security Notice
William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service system crash or execute arbitrary...
USN-5241-1: QtSvg vulnerabilities
It was discovered that QtSvg incorrectly handled certain malformed SVG images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause QtSvg to crash, resulting in a denial of service, or possibly execute arbitrary co...
USN-5240-1: Linux kernel vulnerability
William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service system crash or execute arbitrary code...
USN-5236-1: pngcrush vulnerability
Brian Carpenter discovered that pngcrush incorrectly handled specially crafted file. An attacker could possibly use this issue to cause a denial of service...
USN-5233-2: ClamAV vulnerability
USN-5233-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled memory when the CLSCANGENERALCOLLECTMETADATA scan option was enabled. A remote attacker...