USN-5008-1: Avahi vulnerabilities
Thomas Kremer discovered that Avahi incorrectly handled termination signals on the Unix socket. A local attacker could possibly use this issue to cause Avahi to hang, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. CVE-2021-3468 It...
USN-5007-1: libuv vulnerability
Eric Sesterhenn discovered that libuv incorrectly handled certain strings. An attacker could possibly use this issue to access sensitive information or cause a crash...
USN-5006-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain PHAR files. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-7068 It wa...
USN-5005-1: DjVuLibre vulnerability
It was discovered that DjVuLibre incorrectly handled certain djvu files. An attacker could possibly use this issue to execute arbitrary code or cause a crash...
USN-4905-2: X.Org X Server vulnerability
USN-4905-1 fixed a vulnerability in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain lengths of XInput extension ChangeFeedbackControl requests. An attacker could us...
USN-4866-1: Netty vulnerabilities
It was discovered that Netty incorrectly implements HTTP/2. An attacker could possibly use this issue to cause a denial of service. CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518...
USN-4997-2: Linux kernel (KVM) vulnerabilities
USN-4997-1 fixed vulnerabilities in the Linux kernel for Ubuntu 21.04. This update provides the corresponding updates for the Linux KVM kernel for Ubuntu 21.04. Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free...
USN-5000-2: Linux kernel (KVM) vulnerabilities
USN-5000-1 fixed vulnerabilities in the Linux kernel for Ubuntu 20.04 LTS and the Linux HWE kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux KVM kernel for Ubuntu 20.04 LTS. Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of...
USN-4995-2: Thunderbird vulnerabilities
USN-4995-1 fixed vulnerabilities in Thunderbird. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory details: Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an...
USN-4998-1: Ceph vulnerabilities
It was discovered that in some situations Ceph logged passwords from the mgr module in clear text. An attacker could use this to expose sensitive information. CVE-2020-25678 Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in certain...
USN-5004-1: RabbitMQ vulnerabilities
It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. CVE-2019-11287 Jonathan Knudsen discovered RabbitMQ incorrectly handled certain inputs. An...
USN-5003-1: Linux kernel vulnerabilities
Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. CVE-2021-3609 It was discovered that the eBPF implementation in the Linux kernel...
USN-5002-1: Linux kernel (HWE) vulnerability
Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code...
USN-5001-1: Linux kernel (OEM) vulnerabilities
Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. CVE-2021-3609 Mathy Vanhoef discovered that the Linux kernel’s WiFi implementati...
USN-5000-1: Linux kernel vulnerabilities
Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. CVE-2021-3609 Piotr Krysiuk discovered that the eBPF implementation in the Linux...
USN-4999-1: Linux kernel vulnerabilities
Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. CVE-2021-3609 Piotr Krysiuk discovered that the eBPF implementation in the Linux...
USN-4997-1: Linux kernel vulnerabilities
Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. CVE-2021-3609 Piotr Krysiuk discovered that the eBPF implementation in the Linux...
USN-4995-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass security restrictions, or...
USN-4996-2: OpenEXR vulnerabilities
USN-4996-1 fixed several vulnerabilities in OpenEXR. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a...
USN-4996-1: OpenEXR vulnerabilities
It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...
USN-4994-2: Apache HTTP Server vulnerabilities
USN-4994-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Antonio Morales discovered that the Apache mod_auth_digest module incorrectly handled certain Digest nonces. A remote attacker coul...
USN-4994-1: Apache HTTP Server vulnerabilities
Marc Stern discovered that the Apache mod_proxy_http module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. CVE-2020-13950...
USN-4993-1: Dovecot vulnerabilities
Kirin discovered that Dovecot incorrectly escaped kid and azp fields in JWT tokens. A local attacker could possibly use this issue to validate tokens using arbitrary keys. This issue only affected Ubuntu 20.10 and Ubuntu 21.04. CVE-2021-29157 Fabian Ising and Damian Poddebniak discovered that...
USN-4992-1: GRUB 2 vulnerabilities
Máté Kukri discovered that the acpi command in GRUB 2 allowed privileged users to load crafted ACPI tables when secure boot is enabled. An attacker could use this to bypass UEFI Secure Boot restrictions. CVE-2020-14372 Chris Coulson discovered that the rmmod command in GRUB 2 contained a use-...
USN-4991-1: libxml2 vulnerabilities
Yunho Kim discovered that libxml2 incorrectly handled certain error conditions. A remote attacker could exploit this with a crafted XML file to cause a denial of service, or possibly cause libxml2 to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM...
USN-4990-1: Nettle vulnerabilities
It was discovered that Nettle incorrectly handled RSA decryption. A remote attacker could possibly use this issue to cause Nettle to crash, resulting in a denial of service. CVE-2021-3580 It was discovered that Nettle incorrectly handled certain padding oracles. A remote attacker could possibly u...
USN-4989-2: BlueZ vulnerabilities
USN-4989-1 fixed several vulnerabilities in BlueZ. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate device...
USN-4989-1: BlueZ vulnerabilities
It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. CVE-2020-26558 Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT events. A local attacker could use this issue to caus...
USN-4988-1: ImageMagick vulnerabilities
It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of th...
USN-4986-4: rpcbind regression
USN-4986-1 fixed a vulnerability in rpcbind. The update caused a regression resulting in rpcbind crashing in certain environments. This update fixes the problem for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that rpcbind incorrectly handled certain large...
USN-4987-1: ExifTool vulnerability
It was discovered that ExifTool did not properly sanitize user data for the DjVu file format. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code...
USN-4986-3: rpcbind regression
USN-4986-1 fixed a vulnerability in rpcbind. The update caused a regression resulting in rpcbind crashing in certain environments. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that rpcbind incorrectly handled certain large data...
USN-4971-2: libwebp vulnerabilities
USN-4971-1 fixed several vulnerabilities in libwebp. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into...
USN-4986-2: rpcbind vulnerability
USN-4986-1 fixed a vulnerability in rpcbind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that rpcbind incorrectly handled certain large data sizes. A remote attacker could use this issue to cause rpcbind to...
USN-4986-1: rpcbind vulnerability
It was discovered that rpcbind incorrectly handled certain large data sizes. A remote attacker could use this issue to cause rpcbind to consume resources, leading to a denial of service...
USN-4985-1: Intel Microcode vulnerabilities
It was discovered that some Intel processors may not properly invalidate cache entries used by Intel Virtualization Technology for Directed I/O (VT-d). This may allow a local user to perform a privilege escalation attack. CVE-2020-24489 Joseph Nuzman discovered that some Intel processors may not...
USN-4982-1: Linux kernel vulnerabilities
Kiyin 尹亮 discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). CVE-2020-25670 Kiyin 尹亮 discovered that the NFC LLCP protocol implementation in the Linux kernel did n...
USN-4984-1: Linux kernel vulnerabilities
Jan Beulich discovered that the Xen netback backend in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). CVE-2021-28038 It was discovered that the Realtek...
USN-4937-2: GNOME Autoar regression
USN-4937-1 fixed a vulnerability in GNOME Autoar. The update caused a regression when extracting certain archives. This update fixes the problem. Original advisory details: Ondrej Holy discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into...
USN-4969-3: DHCP regression
USN-4969-1 fixed a vulnerability in DHCP. The package for Ubuntu 21.04 introduced a regression causing it to reject certain valid configuration files. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jon Franklin and Pawel Wieczorkiewicz discovered tha...
USN-4975-2: Django vulnerability
USN-4975-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Rasmus Lerchedahl Petersen and Rasmus Wriedt Larsen discovered that Django incorrectly handled path sanitation in admindocs. A remote attacker could possibly...
USN-4979-1: Linux kernel vulnerabilities
Kiyin 尹亮 discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). CVE-2020-25670 Kiyin 尹亮 discovered that the NFC LLCP protocol implementation in the Linux kernel did n...
USN-4983-1: Linux kernel (OEM) vulnerabilities
Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2021-33200 Piotr Krysiuk and Benedict Schlueter...
USN-4981-1: Squid vulnerabilities
Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to cause Squid to consume resources, leading to a denial of service. CVE-2021-28651 Joshua Rogers discovered that Squid incorrectly handled requests to the Cache...
USN-4980-1: polkit vulnerability
Kevin Backhouse discovered that polkit incorrectly handled errors in the polkit_system_bus_name_get_creds_sync function. A local attacker could possibly use this issue to escalate privileges...
USN-4977-1: Linux kernel vulnerabilities
Kiyin 尹亮 discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). CVE-2020-25670 Kiyin 尹亮 discovered that the NFC LLCP protocol implementation in the Linux kernel did n...
USN-4978-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, re-enable camera devices without an additional permission prompt, spoof the browser UI, or execute...
USN-4976-1: Dnsmasq vulnerability
Petr Mensik discovered that Dnsmasq incorrectly randomized source ports in certain configurations. A remote attacker could possibly use this issue to facilitate DNS cache poisoning attacks...
USN-4975-1: Django vulnerabilities
It was discovered that the Django URLValidator function incorrectly handled newlines and tabs. A remote attacker could possibly use this issue to perform a header injection attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. CVE-2021-32052 Rasmus Lerchedahl Petersen...
USN-4974-1: Lasso vulnerability
It was discovered that Lasso did not properly verify that all assertions in a SAML response were properly signed. An attacker could possibly use this to impersonate users or otherwise bypass access controls...