10918 matches found
USN-4964-1: Exiv2 vulnerabilities
It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10 and Ubuntu 21.04. CVE-2021-29463 It was discovered that Exiv2 incorrectly handled certain files. An...
USN-4962-1: Babel vulnerability
It was discovered that Babel incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code...
USN-4963-1: Pillow vulnerabilities
It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash or hand, resulting in a denial of service...
USN-4961-1: pip vulnerability
It was discovered that pip incorrectly handled unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository...
USN-4960-1: runC vulnerability
Etienne Champetier discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount the host filesystem into the container and escalate privileges...
USN-4945-2: Linux kernel (Raspberry Pi) vulnerabilities
USN-4945-1 fixed vulnerabilities in the Linux kernel for Ubuntu 20.04 LTS and Ubuntu 18.04 LTS. This update provides the corresponding Linux kernel updates targeted specifically for Raspberry Pi devices in those same Ubuntu Releases. Original advisory details: It was discovered that the Nouveau G...
USN-4959-1: GStreamer Base Plugins vulnerability
It was discovered that GStreamer Base Plugins incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information...
USN-4957-2: DjVuLibre vulnerabilities
USN-4957-1 fixed several vulnerabilities in DjVuLibre. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a...
USN-4958-1: Caribou vulnerability
It was discovered that the Caribou onscreen keyboard could be made to crash when given certain input values. An attacker could use this to bypass screen-locking applications that support using Caribou as an input mechanism...
USN-4957-1: DjVuLibre vulnerabilities
It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary co...
USN-4956-1: Eventlet vulnerability
It was discovered that Eventlet incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service...
USN-4955-1: Please vulnerabilities
Matthias Gerstner discovered that Please contained multiple security issues. A local attacker could use these issues to cause Please to crash, resulting in a denial of service, or possibly escalate privileges...
USN-4628-3: Intel Microcode vulnerabilities
USN-4628-1 provided updated Intel Processor Microcode for various processor types. This update provides the corresponding updates for some additional processor types. Original advisory details: Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Dani...
LSN-0077-1: Kernel Live Patch Security Notice
Vincent Dehors discovered that the shiftfs file system in the Ubuntu Linux kernel did not properly handle faults in copyfromuser when passing through ioctls to an underlying file system. A local attacker could use this to cause a denial of service memory exhaustion or execute arbitrary...
USN-4954-1: GNU C Library vulnerabilities
Jason Royes and Samuel Dytrych discovered that the memcpy implementation for 32 bit ARM processors in the GNU C Library contained an integer underflow vulnerability. An attacker could possibly use this to cause a denial of service application crash or execute arbitrary code. CVE-2020-6096 It was...
USN-4953-1: AWStats vulnerabilities
Sean Boran discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code. CVE-2020-29600 It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to access...
USN-4932-2: Django vulnerability
USN-4932-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwri...
USN-4952-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.25 in Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. Ubuntu 18.04 LTS has been updated to MySQL 5.7.34. In addition to security fixes, the...
USN-4951-1: Flatpak vulnerability
Anton Lydike discovered that Flatpak did not properly handle special tokens in desktop files. An attacker could use this to specially craft a Flatpak application that could escape sandbox confinement...
USN-4950-1: Linux kernel vulnerabilities
Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2021-3489...
USN-4949-1: Linux kernel vulnerabilities
Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2021-3489...
USN-4948-1: Linux kernel (OEM) vulnerabilities
Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2021-3489...
USN-4946-1: Linux kernel vulnerabilities
It was discovered that the DRM subsystem in the Linux kernel contained double-free vulnerabilities. A privileged attacker could possibly use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-20292 Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan ...
USN-4947-1: Linux kernel (OEM) vulnerabilities
Kiyin 尹亮 discovered that the x25 implementation in the Linux kernel contained overflows when handling addresses from user space. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-35519 It was discovered that the fastrpc driver i...
USN-4945-1: Linux kernel vulnerabilities
It was discovered that the Nouveau GPU driver in the Linux kernel did not properly handle error conditions in some situations. A local attacker could use this to cause a denial of service system crash. CVE-2020-25639 Jan Beulich discovered that the Xen netback backend in the Linux kernel did not...
USN-4944-1: MariaDB vulnerabilities
This update fixed multiple vulnerabilities in MariaDB. Ubuntu 18.04 LTS has been updated to MariaDB 10.1.48. Ubuntu 20.04 LTS has been updated to MariaDB 10.3.29. Ubuntu 20.10 has been updated to MariaDB 10.3.29. Ubuntu 21.04 has been updated to MariaDB 10.5.10...
USN-4943-1: XStream vulnerabilities
Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. This issue affected only affected Ubuntu 20.10. CVE-2020-26217 It was discovered that XStream was vulnerable to...
USN-4942-1: Firefox vulnerability
A race condition was discovered in Web Render Components. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code...
USN-4941-1: Exiv2 vulnerabilities
It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code or cause a crash. CVE-2021-29457 It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of...
USN-4940-1: PyYAML vulnerability
It was discovered that PyYAML incorrectly handled untrusted YAML files with the FullLoader loader. A remote attacker could possibly use this issue to execute arbitrary code...
USN-4939-1: WebKitGTK vulnerabilities
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-4936-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. CVE-2021-23968,...
USN-4938-1: Unbound vulnerabilities
It was discovered that Unbound contained multiple security issues. A remote attacker could possibly use these issues to cause a denial of service, inject arbitrary commands, execute arbitrary code, and overwrite local files...
USN-4934-2: Exim vulnerabilities
USN-4934-1 fixed several vulnerabilities in Exim. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. CVE-2020-28026 only affected Ubuntu 16.04 ESM. Original advisory details: It was discovered that Exim contained multiple security issues. An attacker could us...
USN-4937-1: GNOME Autoar vulnerability
Ondrej Holy discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution...
USN-4935-1: NVIDIA graphics drivers vulnerabilities
It was discovered that the NVIDIA GPU display driver for the Linux kernel incorrectly performed access control. A local attacker could use this issue to cause a denial of service, expose sensitive information, or escalate privileges. CVE-2021-1076 It was discovered that the NVIDIA GPU display...
USN-4934-1: Exim vulnerabilities
It was discovered that Exim contained multiple security issues. An attacker could use these issues to cause a denial of service, execute arbitrary code remotely, obtain sensitive information, or escalate local privileges...
USN-4932-1: Django vulnerability
It was discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories...
USN-4933-1: OpenVPN vulnerabilities
It was discovered that OpenVPN incorrectly handled certain data channel v2 packets. A remote attacker could possibly use this issue to inject packets using a victim's peer-id. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-11810 It was discovered that OpenVPN incorrectly...
USN-4918-3: ClamAV regression
USN-4918-1 fixed vulnerabilities in ClamAV. The updated package could fail to properly scan in some situations. This update fixes the problem. Original advisory details: It was discovered that ClamAV incorrectly handled parsing Excel documents. A remote attacker could possibly use this issue to...
USN-4931-1: Samba vulnerabilities
Steven French discovered that Samba incorrectly handled ChangeNotify permissions. A remote attacker could possibly use this issue to obtain file name information. CVE-2020-14318 Bas Alberts discovered that Samba incorrectly handled certain winbind requests. A remote attacker could possibly use th...
LSN-0076-1: Kernel Live Patch Security Notice
It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges.CVE-2021-3493 Piotr Krysiuk discovered that the BPF JIT compil...
USN-4930-1: Samba vulnerability
Peter Eriksson discovered that Samba incorrectly handled certain negative idmap cache entries. This issue could result in certain users gaining unauthorized access to files, contrary to expected behaviour...
USN-4929-1: Bind vulnerabilities
Greg Kuechle discovered that Bind incorrectly handled certain incremental zone updates. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. CVE-2021-25214 Siva Kakarla discovered that Bind incorrectly handled certain DNAME records. A remote...
USN-4928-1: GStreamer Good Plugins vulnerabilities
It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to cause access sensitive information or cause a crash. CVE-2021-3497 It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could...
USN-4913-2: Underscore vulnerability
USN-4913-1 fixed vulnerabilities in Underscore. This update provides the corresponding updates for Ubuntu 21.04. Original advisory details: It was discovered that Underscore incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary code...
USN-4892-1: OpenJDK vulnerability
It was discovered that OpenJDK incorrectly verified Jar signatures. An attacker could possibly use this issue to bypass intended security restrictions when using Jar files signed with a disabled algorithm...
USN-4922-2: Ruby vulnerability
USN-4922-1 fixed a vulnerability in Ruby. This update provides the corresponding update for Ubuntu 21.04. Original advisory details: Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to...
USN-4927-1: File Roller vulnerability
It was discovered that File Roller incorrectly handled symlinks. An attacker could possibly use this issue to expose sensitive information...
USN-4926-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass security restrictions, trick the user into disclosing confidential...