10905 matches found
USN-5234-1: Byobu vulnerability
Sander Bos discovered that Byobu incorrectly handled certain Apport data. An attacker could possibly use this issue to expose sensitive information...
USN-5235-1: Ruby vulnerabilities
It was discovered that Ruby incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. CVE-2021-41816 It was discovered that Ruby incorrectly handled certain regular expressions. An...
USN-5233-1: ClamAV vulnerability
It was discovered that ClamAV incorrectly handled memory when the CLSCANGENERALCOLLECTMETADATA scan option was enabled. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service...
USN-5227-2: Pillow vulnerabilities
USN-5227-1 fixed several vulnerabilities in Pillow. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a...
USN-5229-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass security restrictions, obtain sensitive information across domains, or execu...
USN-5224-2: Ghostscript vulnerabilities
USN-5224-1 fixed several vulnerabilities in Ghostscript. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a...
USN-5227-1: Pillow vulnerabilities
It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to hang, resulting in a denial of service. CVE-2021-23437 It was discovered that Pillow incorrectly handled...
USN-5226-1: systemd vulnerability
It was discovered that systemd-tmpfiles employed uncontrolled recursion when removing deeply nested directory hierarchies. A local attacker could exploit this to cause systemd-tmpfiles to crash or have other unspecified impacts...
USN-5210-2: Linux kernel regression
USN-5210-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that caused failures to boot in environments with AMD Secure Encrypted Virtualization SEV enabled. This update fixes the problem. We apologize for the inconvenience. Original advisory details:...
USN-5223-1: Apache Log4j 1.2 vulnerability
It was discovered that Apache Log4j 1.2 was vulnerable to deserialization of untrusted data if the configuration file was editable. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code...
USN-5225-1: lxml vulnerability
It was discovered that lxml incorrectly handled certain XML and HTML files. An attacker could possibly use this issue to execute arbitrary code...
USN-5224-1: Ghostscript vulnerabilities
It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execut...
USN-5222-1: Apache Log4j 2 vulnerabilities
It was discovered that Apache Log4j 2 was vulnerable to remote code execution RCE attack when configured to use a JDBC Appender with a JNDI LDAP data source URI. A remote attacker could possibly use this issue to cause a crash, leading to a denial of service. CVE-2021-44832 Hideki Okamoto and Guy...
USN-5043-2: Exiv2 regression
USN-5043-1 fixed vulnerabilities in Exiv2. The update introduced a new regression that could cause a crash in applications using libexiv2. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Exiv2 incorrectly handled certain image...
USN-5219-1: Linux kernel vulnerability
It was discovered that the eBPF implementation in the Linux kernel did not properly validate the memory size of certain ring buffer operation arguments. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...
USN-5218-1: Linux kernel (OEM) vulnerabilities
Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. CVE-2021-4002 It was discovered that the eBPF implementation in the Linux...
USN-5217-1: Linux kernel (OEM) vulnerabilities
It was discovered that the NFS server implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-4090 It was discovered that the eBPF implementation in th...
USN-5215-1: NLTK vulnerability
Srikantha Prathi discovered that NLTK incorrectly handled specially crafted input. An attacker could use this vulnerability to cause a denial of service...
USN-5212-2: Apache HTTP Server vulnerabilities
USN-5212-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use thi...
USN-5213-1: WebKitGTK vulnerabilities
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-5212-1: Apache HTTP Server vulnerabilities
It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly perform a Server Side Request Forgery attack. CVE-2021-44224 It was discovered that...
LSN-0083-1: Kernel Live Patch Security Notice
The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.CVE-2018-25020...
USN-5211-1: Linux kernel vulnerability
Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages...
USN-5209-1: Linux kernel vulnerabilities
Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. CVE-2021-4002 It was discovered that a race condition existed in the time...
USN-5210-1: Linux kernel vulnerabilities
Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. CVE-2021-4002 It was discovered that the Linux kernel did not properly...
USN-5208-1: Linux kernel vulnerabilities
Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. CVE-2021-4002 It was discovered that a race condition existed in the...
USN-5206-1: Linux kernel (OEM) vulnerability
Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages...
USN-5207-1: Linux kernel (OEM) vulnerabilities
Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. CVE-2021-4002 It was discovered that the eBPF implementation in the Linux...
USN-5204-1: Django vulnerabilities
Chris Bailey discovered that Django incorrectly handled evaluating submitted passwords. A remote attacker could possibly use this issue to consume resources, resulting in a denial of service. CVE-2021-45115 Dennis Brinkrolf discovered that Django incorrectly handled the dictsort template filter. ...
USN-5186-2: Firefox regressions
USN-5186-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted...
USN-5203-1: Apache Log4j 2 vulnerability
Hideki Okamoto and Guy Lederfein discovered that Apache Log4j 2 did not protect against infinite recursion in lookup evaluation. A remote attacker could possibly use this issue to cause Apache Log4j 2 to crash, leading to a denial of service. Please see the following link for more information:...
USN-5201-1: Python vulnerabilities
It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses 100 Continue response. Specially crafted traffic from a malicious HTTP server could cause a denial of service Dos condition for a client...
USN-5200-1: Python vulnerabilities
It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex allowing for catastrophic backtracking. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service ReDoS condition for a client. CVE-2020-8492 It was...
USN-5199-1: Python vulnerabilities
It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service ReDoS condition for a client. CVE-2021-3733 It w...
USN-5192-2: Apache Log4j 2 vulnerability
USN-5192-1 fixed a vulnerability in Apache Log4j 2. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via a special crafted input. An attacker could use this...
USN-5202-1: OpenJDK vulnerabilities
Varnavas Papaioannou discovered that the FTP client implementation in OpenJDK accepted alternate server IP addresses when connecting with FTP passive mode. An attacker controlling an FTP server that an application connects to could possibly use this to expose sensitive information rudimentary por...
USN-5198-1: HTMLDOC vulnerability
It was discovered that HTMLDOC improperly handled malformed URIs from an input html file. An attacker could use this to cause a denial of service...
USN-5195-1: Mumble vulnerability
It was discovered that the Mumble client supported websites for public servers with arbitrary URL schemes. If a user were tricked into visiting a malicious website from the public server list, a remote attacker could possibly execute arbitrary code...
USN-5195-2: Mumble vulnerability
It was discovered that the Mumble client supported websites for public servers with arbitrary URL schemes. If a user were tricked into visiting a malicious website from the public server list, a remote attacker could possibly execute arbitrary code...
USN-5197-1: Apache Log4j 2 vulnerability
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. An attacker could use this vulnerability to cause a denial of service. Please see the following link for more information:...
USN-5194-1: Olm vulnerability
Denis Kasak discovered that Olm was not verifying the length of input being processed by the olmpkdecrypt module, which introduced a stack-based buffer overflow vulnerability to the library. An attacker could use this to cause a denial of service application crash or possibly execute arbitrary co...
USN-5193-1: X.Org X Server vulnerabilities
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges...
USN-5192-1: Apache Log4j 2 vulnerability
Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via a special crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. Please see the following link for more information:...
USN-5191-1: Flatpak vulnerability
It was discovered that Flatpak incorrectly handled certain AFUNIX sockets. An attacker could use this to specially craft a Flatpak application that could escape sandbox confinement...
USN-5174-2: Samba regression
USN-5174-1 fixed vulnerabilities in Samba. Some of the changes introduced a regression in Kerberos authentication in certain environments. Please see the following upstream bug for more information: https://bugzilla.samba.org/showbug.cgi?id=14922 This update fixes the problem. Original advisory...
USN-5189-1: GLib vulnerability
It was discovered that GLib incorrectly handled certain environment variables. An attacker could possibly use this issue to escalate privileges...
USN-5142-3: Samba regression
USN-5142-1 fixed vulnerabilities in Samba. Some of the upstream changes introduced a regression in Kerberos authentication in certain environments. Please see the following upstream bug for more information: https://bugzilla.samba.org/showbug.cgi?id=14922 This update fixes the problem. Original...
USN-5188-1: Keepalived vulnerability
It was discovered that Keepalived incorrectly handled certain messages. An attacker could possibly use this issue to access-control bypass...
USN-5186-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct spoofing attacks, bypass CSP restrictions, or execute arbitrary cod...
USN-5173-2: libmodbus vulnerabilities
USN-5173-1 fixed vulnerabilities in libmodbus. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that libmodbus incorrectly handled inputs. An attacker could possibly use this issue to cause a denial of service o...