USNs for Ubuntu 12.04 LTS

USN-3272-1: Ghostscript vulnerabilities

It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service (application crash). (CVE-2017-8291) Kamil Frankowicz discovered a…

28 April 2017

USN-3271-1: Libxslt vulnerabilities

Holger Fuhrmannek discovered an integer overflow in the xsltAddTextString() function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2017-5029) Nicolas Gregoire discovered that Libxslt mishandled namespace nodes. An…

28 April 2017

USN-3264-2: Linux kernel (Trusty HWE) vulnerability

USN-3264-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol (SCTP) implementation in the Linux…

24 April 2017

USN-3263-1: FreeType vulnerability

It was discovered that a heap-based buffer overflow existed in the FreeType library. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code.

21 April 2017

USN-3259-1: Bind vulnerabilities

It was discovered that the resolver in Bind made incorrect assumptions about ordering when processing responses containing a CNAME or DNAME. An attacker could use this to cause a denial of service. (CVE-2017-3137) Oleg Gorokhov discovered that in some situations, Bind did not properly handle DNS64 queries. An attacker could use this to cause a…

17 April 2017

USN-3256-2: Linux kernel (HWE) vulnerability

USN-3256-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel for each of the respective prior Ubuntu LTS releases. Andrey Konovalov discovered that the AF_PACKET implementation in the Linux kernel did not…

5 April 2017

USN-3256-1: Linux kernel vulnerability

Andrey Konovalov discovered that the AF_PACKET implementation in the Linux kernel did not properly validate certain block-size data. A local attacker could use this to cause a denial of service (system crash).

5 April 2017

USN-3254-1: Django vulnerabilities

It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. (CVE-2017-7233) Phithon Gong discovered that Django incorrectly handled certain URLs when the django.views.static.serve() view is being used. A remote…

4 April 2017

USN-3216-2: Firefox regression

USN-3216-1 fixed vulnerabilities in Firefox. The update resulted in a startup crash when Firefox is used with XRDP. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker…

30 March 2017

USN-3242-2: Samba regression

USN-3242-1 fixed a vulnerability in Samba. The upstream fix introduced a regression when Samba is configured to disable following symbolic links. This update fixes the problem. Original advisory details: Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this issue to access files on the …

30 March 2017

USN-3250-2: Linux kernel (Trusty HWE) vulnerability

USN-3250-1 fixed a vulnerability in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from…

29 March 2017

USN-3248-1: Linux kernel vulnerability

It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges.

29 March 2017

USN-3247-1: AppArmor vulnerability

Stéphane Graber discovered that AppArmor incorrectly unloaded some profiles when restarted or upgraded, contrary to expected behavior.

28 March 2017

USN-3246-1: Eject vulnerability

Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuid and setgid return values. A local attacker could use this issue to execute code as an administrator.

27 March 2017

USN-3245-1: GStreamer Good Plugins vulnerabilities

Hanno Böck discovered that GStreamer Good Plugins did not correctly handle certain malformed media files. If a user were tricked into opening a crafted media file with a GStreamer application, an attacker could cause a denial of service via application crash.

27 March 2017

USN-3244-1: GStreamer Base Plugins vulnerabilities

Hanno Böck discovered that GStreamer Base Plugins did not correctly handle certain malformed media files. If a user were tricked into opening a crafted media file with a GStreamer application, an attacker could cause a denial of service via application crash.

27 March 2017

USN-3233-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, cause a denial of service via application crash or hang, or execute arbitrary code….

24 March 2017

USN-3239-3: GNU C Library regression

USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2016-3706 introduced a regression that in some circumstances prevented IPv6 addresses from resolving. This update reverts the change in Ubuntu 12.04 LTS. We apologize for the error. Original advisory details: It was discovered that the GNU C Library…

24 March 2017

USN-3242-1: Samba vulnerability

Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this issue to access files on the server outside of the exported directories.

23 March 2017

USN-3241-1: audiofile vulnerabilities

Agostino Sarubbo discovered that audiofile incorrectly handled certain malformed audio files. If a user or automated system were tricked into processing a specially crafted audio file, a remote attacker could cause applications linked against audiofile to crash, leading to a denial of service, or possibly execute arbitrary code.

22 March 2017

USN-3239-2: GNU C Library Regression

USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2015-5180 introduced an internal ABI change within the resolver library. This update reverts the change. We apologize for the inconvenience. Please note that long-running services that were restarted to compensate for the USN-3239-1 update may need to be…

21 March 2017

USN-3239-1: GNU C Library vulnerabilities

It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982) It was discovered that an integer overflow existed in the _IO_wstr_overflow()…

21 March 2017

USN-3240-1: NVIDIA graphics drivers vulnerability

It was discovered that the NVIDIA graphics drivers contained a flaw in the kernel mode layer. A local attacker could use this issue to cause a denial of service.

21 March 2017

USN-3238-1: Firefox vulnerability

An integer overflow was discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service via application crash or execute arbitrary code. (CVE-2017-5428)

20 March 2017

USN-3183-2: GnuTLS vulnerability

USN-3183-1 fixed CVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu 16.10. This update provides the corresponding update for Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Original advisory details: Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to…

20 March 2017

USN-3237-1: FreeType vulnerability

It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code.

20 March 2017

USN-3235-1: libxml2 vulnerabilities

It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 16.04 LTS. (CVE-2016-4448) It was…

16 March 2017

USN-3232-1: ImageMagick vulnerabilities

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

14 March 2017

USN-3231-1: Pidgin vulnerability

Joseph Bisch discovered that Pidgin incorrectly handled certain XML messages. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code.

14 March 2017

USN-3229-1: Python Imaging Library vulnerabilities

It was discovered that the Python Imaging Library incorrectly handled certain compressed text chunks in PNG images. A remote attacker could possibly use this issue to cause the Python Imaging Library to crash, resulting in a denial of service. (CVE-2014-9601) Cris Neckar discovered that the Python Imaging Library incorrectly handled certain…

13 March 2017

USN-3228-1: libevent vulnerabilities

Guido Vranken discovered that libevent incorrectly handled memory when processing certain data. A remote attacker could possibly use this issue with an application that uses libevent to cause a denial of service, or possibly execute arbitrary code.

13 March 2017

USN-3227-1: ICU vulnerabilities

It was discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.

13 March 2017

USN-3226-1: icoutils vulnerabilities

Jerzy Kramarz discovered that icoutils incorrectly handled memory when processing certain files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause icoutils to crash, resulting in a denial of service, or possibly execute arbitrary code.

13 March 2017

USN-3225-1: libarchive vulnerabilities

It was discovered that libarchive incorrectly handled hardlink entries when extracting archives. A remote attacker could possibly use this issue to overwrite arbitrary files. (CVE-2016-5418) Christian Wressnegger, Alwin Maier, and Fabian Yamaguchi discovered that libarchive incorrectly handled filename lengths when writing ISO9660 archives. A…

9 March 2017

USN-3223-1: KDE-Libs vulnerability

Itzik Kotler, Yonatan Fridburg, and Amit Klein discovered that KDE-Libs incorrectly handled certain PAC files. A remote attacker could possibly use this issue to obtain sensitive information.

9 March 2017

USN-3222-1: ImageMagick vulnerabilities

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

8 March 2017

USN-3219-2: Linux kernel (Trusty HWE) vulnerability

USN-3219-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Alexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A…

8 March 2017

USN-3216-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, spoof the address bar, spoof the print dialog, cause a denial of service via application crash or hang, or…

7 March 2017

USN-3218-1: Linux kernel vulnerability

Alexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges.

7 March 2017

USN-3217-1: network-manager-applet vulnerability

Frederic Bardy and Quentin Biguenet discovered that network-manager-applet incorrectly checked permissions when connecting to certain wireless networks. A local attacker could use this issue at the login screen to access local files.

7 March 2017

USN-3214-1: w3m vulnerabilities

A large number of security issues were discovered in the w3m browser. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

2 March 2017

USN-3213-1: GD library vulnerabilities

Stefan Esser discovered that the GD library incorrectly handled memory when processing certain images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10….

28 February 2017

USN-3210-1: LibreOffice vulnerability

Ben Hayak discovered that it was possible to make LibreOffice Calc and Writer disclose arbitrary files to an attacker if a user opened a specially crafted file with embedded links.

23 February 2017

USN-3142-2: ImageMagick regression

USN-3142-1 fixed vulnerabilities in ImageMagick. The security fixes introduced a regression with text labels and a regression with the text coder. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or…

22 February 2017

USN-3207-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3207-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use…

22 February 2017

USN-3206-1: Linux kernel vulnerabilities

It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-7910) Dmitry Vyukov discovered a use-after-free vulnerability in the sys_ioprio_get() function in the Linux…

22 February 2017

USN-3205-1: tcpdump vulnerabilities

It was discovered that tcpdump incorrectly handled certain packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the tcpdump AppArmor profile.

21 February 2017

USN-3204-1: Tomcat vulnerability

It was discovered that Tomcat incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to cause Tomcat to consume resources, resulting in a denial of service.

20 February 2017

USN-3203-1: gtk-vnc vulnerabilities

It was discovered that gtk-vnc incorrectly validated certain data. A malicious server could use this issue to cause gtk-vnc to crash, resulting in a denial of service, or possibly execute arbitrary code.

20 February 2017

USN-3201-1: Bind vulnerabilities

It was discovered that Bind incorrectly handled rewriting certain query responses when using both DNS64 and RPZ. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.

16 February 2017

USN-3198-1: OpenJDK 6 vulnerabilities

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms…

16 February 2017

USN-3197-1: libgc vulnerability

Kuang-che Wu discovered that multiple integer overflow vulnerabilities existed in libgc. An attacker could use these to cause a denial of service (application crash) or possibly execute arbitrary code.

15 February 2017

USN-3196-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain arguments to the locale_get_display_name function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9912) It was discovered that PHP incorrectly handled certain invalid objects when unserializing…

14 February 2017

USN-3187-2: Linux kernel (OMAP4) vulnerabilities

Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service (system crash). (CVE-2016-9555) It was discovered that multiple memory leaks existed in the XFS implementation in the Linux kernel. A local attacker could use…

9 February 2017

USN-3175-2: Firefox regression

USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple memory safety issues were discovered in Firefox. If a user were tricked into opening a…

6 February 2017

USN-3193-1: Nettle vulnerability

It was discovered that Nettle incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys.

6 February 2017

USN-3192-1: Squid vulnerabilities

Saulius Lapinskas discovered that Squid incorrectly handled processing HTTP conditional requests. A remote attacker could possibly use this issue to obtain sensitive information related to other clients’ browsing sessions. (CVE-2016-10002) Felix Hassert discovered that Squid incorrectly handled certain HTTP Request headers when using the…

6 February 2017

USN-3188-2: Linux kernel (Trusty HWE) vulnerability

USN-3188-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote…

3 February 2017

USN-3187-1: Linux kernel vulnerabilities

Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service (system crash). (CVE-2016-9555) It was discovered that multiple memory leaks existed in the XFS implementation in the Linux kernel. A local attacker could use…

3 February 2017

USN-3177-2: Tomcat regression

USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a regression in environments where Tomcat is started with a security manager. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username…

2 February 2017

USN-3185-1: libXpm vulnerability

It was discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could use this issue to cause libXpm to crash, resulting in a denial of service, or possibly execute arbitrary code.

1 February 2017

USN-3184-1: Irssi vulnerabilities

It was discovered that the Irssi buf.pl script set incorrect permissions. A local attacker could use this issue to retrieve another user’s window contents. (CVE-2016-7553) Joseph Bisch discovered that Irssi incorrectly handled comparing nicks. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service, or…

1 February 2017

USN-3183-1: GnuTLS vulnerabilities

Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-7444) Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. A remote attacker…

1 February 2017

USN-3181-1: OpenSSL vulnerabilities

Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were fixed in a previous security update….

31 January 2017

USN-3165-1: Thunderbird vulnerabilities

Multiple memory safety issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9893, CVE-2017-5373) Andrew Krasichkov discovered that event handlers on <marquee>…

28 January 2017

USN-3175-1: Firefox vulnerabilities

Multiple memory safety issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374) JIT code allocation can allow a bypass of ASLR protections in…

27 January 2017

USN-3178-1: icoutils vulnerabilities

It was discovered that icoutils incorrectly handled memory when processing certain files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause icoutils to crash, resulting in a denial of service, or possibly execute arbitrary code.

24 January 2017

USN-3177-1: Tomcat vulnerabilities

It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn’t exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-0762) Alvaro Munoz and Alexander Mirosh discovered that Tomcat…

23 January 2017

USN-3176-1: PCSC-Lite vulnerability

Peter Wu discovered that the PC/SC service did not correctly handle certain resources. A local attacker could use this issue to cause PC/SC to crash, resulting in a denial of service, or possibly execute arbitrary code with root privileges.

23 January 2017

USN-3174-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.54 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated to MySQL 5.7.17. In addition to security fixes, the updated packages contain bug fixes, new…

19 January 2017

USN-3173-1: NVIDIA graphics drivers vulnerability

It was discovered that the NVIDIA graphics drivers contained a flaw in the kernel mode layer. A local attacker could use this issue to cause a denial of service.

18 January 2017

USN-3172-1: Bind vulnerabilities

It was discovered that Bind incorrectly handled certain malformed responses to an ANY query. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2016-9131) It was discovered that Bind incorrectly handled certain malformed responses to an ANY query. A remote attacker could possibly use…

12 January 2017

USN-3171-1: LibVNCServer vulnerabilities

Josef Gajdusek discovered that the LibVNCServer client library incorrectly handled certain FrameBufferUpdate messages. If a user were tricked into connecting to a malicious server, an attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942)

11 January 2017

USN-3168-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3168-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain…

11 January 2017

USN-3167-2: Linux kernel (OMAP4) vulnerabilities

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756) Baozeng Ding discovered a race condition that could lead to a use-after-free in the Advanced Linux…

11 January 2017

USN-3167-1: Linux kernel vulnerabilities

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). Baozeng Ding discovered a race condition that could lead to a use-after-free in the Advanced Linux Sound Architecture…

11 January 2017

USN-3164-1: Exim vulnerability

Bjoern Jacke discovered that Exim incorrectly handled DKIM keys. In certain configurations, private DKIM signing keys could be leaked to the log files.

5 January 2017

USN-3163-1: NSS vulnerabilities

It was discovered that NSS incorrectly handled certain invalid Diffie-Hellman keys. A remote attacker could possibly use this flaw to cause NSS to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5285) Hubert Kario discovered that NSS incorrectly handled Diffie…

4 January 2017

USN-3160-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3160-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel’s…

20 December 2016

USN-3159-2: Linux kernel (OMAP4) vulnerability

It was discovered that a race condition existed in the procfs environ_read function in the Linux kernel, leading to an integer underflow. A local attacker could use this to expose sensitive information (kernel memory).

20 December 2016

USN-3159-1: Linux kernel vulnerability

It was discovered that a race condition existed in the procfs environ_read function in the Linux kernel, leading to an integer underflow. A local attacker could use this to expose sensitive information (kernel memory).

20 December 2016

USN-3158-1: Samba vulnerabilities

Frederic Besler and others discovered that the ndr_pull_dnsp_nam function in Samba contained an integer overflow. An authenticated attacker could use this to gain administrative privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-2123) Simo Sorce discovered that Samba clients always…

19 December 2016

USN-3157-1: Apport vulnerabilities

Donncha O Cearbhaill discovered that the crash file parser in Apport improperly treated the CrashDB field as Python code. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS….

14 December 2016

USN-3155-1: Firefox vulnerabilities

Multiple security vulnerabilities were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9080,…

13 December 2016

USN-3154-1: OpenJDK 6 vulnerabilities

It was discovered that OpenJDK did not restrict the set of algorithms used for JAR integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. (CVE-2016-5542) It was discovered that the JMX component of OpenJDK did not sufficiently perform classloader consistency checks. An…

8 December 2016

USN-3150-2: Linux kernel (OMAP4) vulnerability

Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges.

6 December 2016

USN-3150-1: Linux kernel vulnerability

Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges.

5 December 2016

USN-3149-2: Linux kernel (Trusty HWE) vulnerability

USN-3149-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could…

5 December 2016

USN-3148-1: Ghostscript vulnerabilities

Tavis Ormandy discovered multiple vulnerabilities in the way that Ghostscript processes certain PostScript files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly execute arbitrary code. (CVE-2016-7976, CVE-2016-7978, CVE-2016-7979, CVE-2016-8602) Multiple…

2 December 2016

USN-3141-1: Thunderbird vulnerabilities

Christian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary…

1 December 2016

USN-3140-1: Firefox vulnerabilities

It was discovered that data: URLs can inherit the wrong origin after an HTTP redirect in some circumstances. An attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-9078) A use-after-free was discovered in SVG animations. If a user were tricked into opening a specially crafted website, an attacker could exploit…

30 November 2016

USN-3145-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3145-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A…

30 November 2016

USN-3144-2: Linux kernel (OMAP4) vulnerability

Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service (system crash) or possibly gain privileges.

30 November 2016

USN-3144-1: Linux kernel vulnerability

Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service (system crash) or possibly gain privileges.

30 November 2016

USN-3143-1: c-ares vulnerability

Gzob Qq discovered that c-ares incorrectly handled certain hostnames. A remote attacker could use this issue to cause applications using c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code.

30 November 2016

USN-3142-1: ImageMagick vulnerabilities

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

30 November 2016

USN-3139-1: Vim vulnerability

Florian Larysch discovered that the Vim text editor did not properly validate values for the ‘filetype’, ‘syntax’, and ‘keymap’ options. An attacker could trick a user into opening a file with specially crafted modelines and possibly execute arbitrary code with the user’s privileges.

29 November 2016

USN-3135-2: GStreamer Good Plugins vulnerability

USN-3135-1 fixed a vulnerability in GStreamer Good Plugins. The original security fix was incomplete. This update fixes the problem. Original advisory details: Chris Evans discovered that GStreamer Good Plugins did not correctly handle malformed FLC movie files. If a user were tricked into opening a crafted FLC movie file with a GStreamer…

28 November 2016

USN-3137-1: MoinMoin vulnerabilities

It was discovered that MoinMoin did not properly sanitize certain inputs, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data,…

23 November 2016

USN-3135-1: GStreamer Good Plugins vulnerability

Chris Evans discovered that GStreamer Good Plugins did not correctly handle malformed FLC movie files. If a user were tricked into opening a crafted FLC movie file with a GStreamer application, an attacker could cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program.

22 November 2016

USN-3134-1: Python vulnerabilities

It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information. (CVE-2016-0772) Rémi Rampin discovered that Python would not protect CGI applications from contents of the HTTP_PROXY environment variable when based on the contents of the…

22 November 2016

USN-3132-1: tar vulnerability

Harry Sintonen discovered that tar incorrectly handled extracting files when path names are specified on the command line. If a user or automated system were tricked into processing a specially crafted archive, an attacker could possibly overwrite arbitrary files.

21 November 2016

USN-3131-1: ImageMagick vulnerabilities

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

21 November 2016

USN-3124-1: Firefox vulnerabilities

Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially…

19 November 2016

USN-3126-2: Linux kernel (OMAP4) vulnerabilities

Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-7042) Dmitry Vyukov discovered a use-after-free vulnerability during error processing in the…

11 November 2016

USN-3126-1: Linux kernel vulnerabilities

Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-7042) Dmitry Vyukov discovered a use-after-free vulnerability during error processing in the…

11 November 2016

USN-3127-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3127-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that the compression handling code in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel did…

11 November 2016

USN-3125-1: QEMU vulnerabilities

Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2016-5403) Li Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network card emulation support. A privileged attacker inside the…

9 November 2016

USN-3123-1: curl vulnerabilities

It was discovered that curl incorrectly reused client certificates when built with NSS. A remote attacker could possibly use this issue to hijack the authentication of a TLS connection. (CVE-2016-7141) Nguyen Vu Hoang discovered that curl incorrectly handled escaping certain strings. A remote attacker could possibly use this issue to cause curl…

3 November 2016

USN-3122-1: NVIDIA graphics drivers vulnerabilities

It was discovered that the NVIDIA graphics drivers incorrectly sanitized user mode inputs. A local attacker could use this issue to possibly gain root privileges.

3 November 2016

USN-3120-1: Memcached vulnerabilities

Aleksandar Nikolic discovered that Memcached incorrectly handled certain malformed commands. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service, or possibly execute arbitrary code.

2 November 2016

USN-3119-1: Bind vulnerability

Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.

1 November 2016

USN-3118-1: Mailman vulnerabilities

It was discovered that the Mailman administrative web interface did not protect against cross-site request forgery (CSRF) attacks. If an authenticated user were tricked into visiting a malicious website while logged into Mailman, a remote attacker could perform administrative actions. This issue only affected Ubuntu 12.04 LTS….

1 November 2016

USN-3117-1: GD library vulnerabilities

Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed Tiff images. If a user or automated system were tricked into processing a specially crafted Tiff image, an attacker could cause a denial of service. (CVE-2016-6911) Ke Liu discovered that the GD library incorrectly handled certain integers when processing WebP…

1 November 2016

USN-3116-1: DBus vulnerabilities

It was discovered that DBus incorrectly validated the source of ActivationFailure signals. A local attacker could use this issue to cause a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-0245) It was discovered that DBus incorrectly handled certain format strings. A local attacker could use this…

1 November 2016

USN-3115-1: Django vulnerabilities

Marti Raudsepp discovered that Django incorrectly used a hardcoded password when running tests on an Oracle database. A remote attacker could possibly connect to the database while the tests are running and prevent the test user with the hardcoded password from being removed. (CVE-2016-9013) Aymeric Augustin discovered that Django incorrectly…

1 November 2016

USN-3112-1: Thunderbird vulnerabilities

Catalin Dumitru discovered that URLs of resources loaded after a navigation start could be leaked to the following page via the Resource Timing API. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5250) Christoph Diehl,…

27 October 2016

USN-3111-1: Firefox vulnerabilities

A use-after-free was discovered in service workers. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via program crash, or execute arbitrary code. (CVE-2016-5287) It was discovered that web content could access information in the HTTP cache in some…

27 October 2016

USN-3110-1: Quagga vulnerability

David Lamparter discovered that Quagga incorrectly handled certain IPv6 router advertisements. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service.

25 October 2016

USN-3109-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.53 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated to MySQL 5.7.16. In addition to security fixes, the updated packages contain bug fixes, new…

25 October 2016

USN-3108-1: Bind vulnerability

Toshifumi Sakaguchi discovered that Bind incorrectly handled certain packets with malformed options. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.

21 October 2016

USN-3104-2: Linux kernel (OMAP4) vulnerability

It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges.

20 October 2016

USN-3105-2: Linux kernel (Trusty HWE) vulnerability

USN-3105-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of…

20 October 2016

USN-3104-1: Linux kernel vulnerability

It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges.

20 October 2016

USN-3097-2: Linux kernel (OMAP4) vulnerabilities

Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-6828) Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local…

13 October 2016

USN-3103-1: DBD::mysql vulnerabilities

It was discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9906) Hanno Böck discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use…

13 October 2016

USN-3102-1: Quagga vulnerabilities

It was discovered that Quagga incorrectly handled dumping data. A remote attacker could possibly use a large BGP packet to cause Quagga to crash, resulting in a denial of service. (CVE-2016-4049) It was discovered that the Quagga package incorrectly set permissions on the configuration directory. A local user could use this issue to…

13 October 2016

USN-3100-1: KDE-PIM Libraries vulnerability

Roland Tapken discovered that the KDE-PIM Libraries incorrectly filtered URLs. A remote attacker could use this issue to perform an HTML injection attack in the KMail plain text viewer.

12 October 2016

USN-3098-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3098-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local…

11 October 2016

USN-3097-1: Linux kernel vulnerabilities

Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-6828) Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local…

11 October 2016

USN-3096-1: NTP vulnerabilities

Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to perform a replay attack. (CVE-2015-7973) Matt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue to perform an impersonation attack….

5 October 2016

USN-3095-1: PHP vulnerabilities

Taoguang Chen discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7124) Taoguang Chen discovered that PHP incorrectly handled invalid session names. A remote attacker…

4 October 2016

USN-3093-1: ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the ClamAV AppArmor profile.

28 September 2016

USN-3088-1: Bind vulnerability

It was discovered that Bind incorrectly handled building responses to certain specially crafted requests. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.

27 September 2016

USN-3089-1: Django vulnerability

Sergey Bobrov discovered that Django incorrectly parsed cookies when being used with Google Analytics. A remote attacker could possibly use this issue to set arbitrary cookies leading to a CSRF protection bypass.

27 September 2016

USN-3087-2: OpenSSL regression

USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could…

23 September 2016

USN-3087-1: OpenSSL vulnerabilities

Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. (CVE-2016-6304) Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly…

22 September 2016

USN-3073-1: Thunderbird vulnerabilities

Christian Holler, Carsten Book, Gary Kwong, Jesse Ruderman, Andrew McCreight, and Phil Ringnalda discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code….

22 September 2016

USN-3076-1: Firefox vulnerabilities

Atte Kettunen discovered an out-of-bounds read when handling certain Content Security Policy (CSP) directives in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-2827) Christoph Diehl, Christian Holler,…

22 September 2016

USN-3085-1: GDK-PixBuf vulnerabilities

It was discovered that the GDK-PixBuf library did not properly handle specially crafted bmp images, leading to a heap-based buffer overflow. If a user or automated system were tricked into opening a specially crafted bmp file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute…

21 September 2016

USN-3083-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3083-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Dmitry Vyukov discovered that the IPv6 implementation in the Linux kernel did not properly handle options data, including a…

19 September 2016

USN-3082-2: Linux kernel (OMAP4) vulnerability

Chiachih Wu, Yuan-Tsung Lo, and Xuxian Jiang discovered that the legacy ABI for ARM (OABI) had incomplete access checks for epoll_wait(2) and semtimedop(2). A local attacker could use this to possibly execute arbitrary code.

19 September 2016

USN-3082-1: Linux kernel vulnerability

Chiachih Wu, Yuan-Tsung Lo, and Xuxian Jiang discovered that the legacy ABI for ARM (OABI) had incomplete access checks for epoll_wait(2) and semtimedop(2). A local attacker could use this to possibly execute arbitrary code.

19 September 2016

USN-3081-1: Tomcat vulnerability

Dawid Golunski discovered that the Tomcat init script incorrectly handled creating log files. A remote attacker could possibly use this issue to obtain root privileges. (CVE-2016-1240) This update also reverts a change in behaviour introduced in USN-3024-1 by setting mapperContextRootRedirectEnabled to True by default.

19 September 2016

USN-3080-1: Python Imaging Library vulnerabilities

Eric Soroos discovered that the Python Imaging Library incorrectly handled certain malformed FLI or PhotoCD files. A remote attacker could use this issue to cause Python Imaging Library to crash, resulting in a denial of service. (CVE-2016-0775, CVE-2016-2533) Andrew Drake discovered that the Python Imaging Library incorrectly validated input. A…

15 September 2016

USN-3078-1: MySQL vulnerability

Dawid Golunski discovered that MySQL incorrectly handled configuration files. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. MySQL has been updated to 5.5.52 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS has been updated to MySQL 5.7.15. In addition to security fixes, the updated…

13 September 2016

USN-3077-1: OpenJDK 6 vulnerabilities

A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. (CVE-2016-3458) Multiple vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of…

12 September 2016

USN-3075-1: Imlib2 vulnerabilities

Jakub Wilk discovered an out of bounds read in the GIF loader implementation in Imlib2. An attacker could use this to cause a denial of service (application crash) or possibly obtain sensitive information. (CVE-2016-3994) Yuriy M. Kaminskiy discovered an off-by-one error when handling coordinates in Imlib2. An attacker could use this to cause a…

9 September 2016

USN-3072-2: Linux kernel (OMAP4) vulnerabilities

Kangjie Lu discovered an information leak in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-5244) Yue Cao et al discovered a flaw in the TCP implementation’s handling of challenge acks in the Linux kernel. A remote…

29 August 2016

USN-3072-1: Linux kernel vulnerabilities

Kangjie Lu discovered an information leak in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-5244) Yue Cao et al discovered a flaw in the TCP implementation’s handling of challenge acks in the Linux kernel. A remote…

29 August 2016

USN-3071-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3071-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Kangjie Lu discovered an information leak in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel. A local attacker…

29 August 2016

USN-3069-1: Eye of GNOME vulnerability

It was discovered that Eye of GNOME incorrectly handled certain invalid UTF-8 strings. If a user were tricked into opening a specially-crafted image, a remote attacker could use this issue to cause Eye of GNOME to crash, resulting in a denial of service, or possibly execute arbitrary code.

25 August 2016

USN-3068-1: Libidn vulnerabilities

Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and Nikos Mavrogiannopoulos discovered that Libidn incorrectly handled invalid UTF-8 characters. A remote attacker could use this issue to cause Libidn to crash, resulting in a denial of service, or possibly disclose sensitive memory. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04…

24 August 2016

USN-3066-1: PostgreSQL vulnerabilities

Heikki Linnakangas discovered that PostgreSQL incorrectly handled certain nested CASE/WHEN expressions. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2016-5423) Nathan Bossart discovered that PostgreSQL incorrectly handled special characters in database and role names. A…

18 August 2016

USN-3065-1: Libgcrypt vulnerability

Felix Dörre and Vladimir Klebanov discovered that Libgcrypt incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output.

18 August 2016

USN-3064-1: GnuPG vulnerability

Felix Dörre and Vladimir Klebanov discovered that GnuPG incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output.

18 August 2016

USN-3063-1: Fontconfig vulnerability

Tobias Stoeckmann discovered that Fontconfig incorrectly handled cache files. A local attacker could possibly use this issue with a specially crafted cache file to elevate privileges.

17 August 2016

USN-3061-1: OpenSSH vulnerabilities

Eddie Harari discovered that OpenSSH incorrectly handled password hashing when authenticating non-existing users. A remote attacker could perform a timing attack and enumerate valid users. (CVE-2016-6210) Tomas Kuthan, Andres Rojas, and Javier Nieto discovered that OpenSSH did not limit password lengths. A remote attacker could use this issue to…

15 August 2016

USN-3047-2: QEMU regression

USN-3047-1 fixed vulnerabilities in QEMU. The patch to fix CVE-2016-5403 caused a regression which resulted in save/restore failures when virtio memory balloon statistics are enabled. This update temporarily reverts the security fix for CVE-2016-5403 pending further investigation. We apologize for the inconvenience. Original advisory details: …

12 August 2016

USN-3051-1: Linux kernel (Trusty HWE) vulnerabilities

It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470) Kangjie Lu discovered an information leak in the netlink implementation of the…

10 August 2016

USN-3050-1: Linux kernel (OMAP4) vulnerabilities

Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134) Vitaly Kuznetsov discovered that the…

10 August 2016

USN-3049-1: Linux kernel vulnerabilities

Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134) Vitaly Kuznetsov discovered that the…

10 August 2016

USN-3048-1: curl vulnerabilities

Bru Rom discovered that curl incorrectly handled client certificates when resuming a TLS session. (CVE-2016-5419) It was discovered that curl incorrectly handled client certificates when reusing TLS connections. (CVE-2016-5420) Marcelo Echeverria and Fernando Muñoz discovered that curl incorrectly reused a connection struct, contrary to…

8 August 2016

USN-3044-1: Firefox vulnerabilities

Gustavo Grieco discovered an out-of-bounds read during XML parsing in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. (CVE-2016-0718) Toni Huttunen discovered that once a favicon is…

5 August 2016

USN-3047-1: QEMU vulnerabilities

Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI controller emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the…

4 August 2016

USN-3046-1: LibreOffice vulnerability

Yves Younan and Richard Johnson discovered that LibreOffice incorrectly handled presentation files. If a user were tricked into opening a specially crafted presentation file, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code.

4 August 2016

USN-3045-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116) It was discovered that PHP incorrectly handled…

2 August 2016

USN-3042-1: KDE-Libs vulnerability

Andreas Cord-Landwehr discovered that KDE-Libs incorrectly handled extracting certain archives. If a user were tricked into extracting a specially-crafted archive, a remote attacker could use this issue to overwrite arbitrary files out of the extraction directory.

26 July 2016

USN-3040-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.50 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.10 has been updated to MySQL 5.6.31. Ubuntu 16.04 LTS has been updated to MySQL 5.7.13. In addition to security fixes, the updated…

21 July 2016

USN-3038-1: Apache HTTP Server vulnerability

It was discovered that the Apache HTTP Server would set the HTTP_PROXY environment variable based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this issue in combination with CGI scripts that honour the HTTP_PROXY variable to redirect outgoing HTTP requests.

18 July 2016

USN-3023-1: Thunderbird vulnerabilities

It was discovered that NSPR incorrectly handled memory allocation. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-1951) Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy…

18 July 2016

USN-3034-2: Linux kernel (Trusty HWE) vulnerability

USN-3034-1 fixed a vulnerability in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Jan Stancek discovered that the Linux kernel’s memory manager did not properly handle moving pages mapped by the asynchronous I/O (AIO)…

14 July 2016

USN-3033-1: libarchive vulnerabilities

Hanno Böck discovered that libarchive contained multiple security issues when processing certain malformed archive files. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8916, CVE-2015-8917, CVE-2015-8919, CVE-2015-8920, CVE-2015-8921,…

14 July 2016

USN-3031-1: Pidgin vulnerabilities

Yves Younan discovered that Pidgin contained multiple issues in the MXit protocol support. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code.

12 July 2016

USN-3030-1: GD library vulnerabilities

It was discovered that the GD library incorrectly handled memory when using gdImageScaleTwoPass(). A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2013-7456) It was discovered that the GD library incorrectly handled certain malformed XBM images. If a user or automated…

11 July 2016

USN-3029-1: NSS vulnerability

Tyson Smith and Jed Davis discovered that NSS incorrectly handled memory. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. This update refreshes the NSS package to version 3.23 which includes the latest CA certificate bundle. As a security improvement, this…

11 July 2016

USN-3028-1: NSPR vulnerability

It was discovered that NSPR incorrectly handled memory allocation. A remote attacker could use this issue to cause NSPR to crash, resulting in a denial of service, or possibly execute arbitrary code.

11 July 2016

USN-3025-1: GIMP vulnerability

It was discovered that GIMP incorrectly handled malformed XCF files. If a user were tricked into opening a specially crafted XCF file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user’s privileges.

5 July 2016

USN-3024-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly handled pathnames used by web applications in a getResource, getResourceAsStream, or getResourcePaths call. A remote attacker could use this issue to possibly list a parent directory. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5174) It was discovered that the…

5 July 2016

USN-3022-1: LibreOffice vulnerability

It was discovered that LibreOffice incorrectly handled RTF document files. If a user were tricked into opening a specially crafted RTF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code.

29 June 2016

USN-3021-2: Linux kernel (OMAP4) vulnerabilities

Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951) Kangjie Lu discovered an information leak in the core…

27 June 2016

USN-3021-1: Linux kernel vulnerabilities

Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951) Kangjie Lu discovered an information leak in the core…

27 June 2016

USN-3018-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3018-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32…

27 June 2016

USN-3013-1: XML-RPC for C and C++ vulnerabilities

It was discovered that the Expat code in XML-RPC for C and C++ unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. (CVE-2012-6702) It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled seeding the random number generator. A remote attacker could possibly use this…

20 June 2016

USN-3010-1: Expat vulnerabilities

It was discovered that Expat unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. (CVE-2012-6702) It was discovered that Expat incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-5300)

20 June 2016

USN-3012-1: Wget vulnerability

Dawid Golunski discovered that Wget incorrectly handled filenames when being redirected from an HTTP to an FTP URL. A malicious server could possibly use this issue to overwrite local files.

20 June 2016

USN-2998-1: Linux kernel (Trusty HWE) vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did…

10 June 2016

USN-2997-1: Linux kernel (OMAP4) vulnerabilities

Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583) Ralf…

10 June 2016

USN-2996-1: Linux kernel vulnerabilities

Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583) Ralf…

10 June 2016

USN-2995-1: Squid vulnerabilities

Yuriy M. Kaminskiy discovered that the Squid pinger utility incorrectly handled certain ICMPv6 packets. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly cause Squid to leak information into log files. (CVE-2016-3947) Yuriy M. Kaminskiy discovered that the Squid cachemgr.cgi tool…

9 June 2016

USN-2993-1: Firefox vulnerabilities

Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel, Sylvestre Ledru, Julian Seward, Olli Pettay, Karl Tomlinson, Christoph Diehl, Julian Hector, Jan de Mooij, Mats Palmgren, and Tooru Fujisawa discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker…

9 June 2016

USN-2994-1: libxml2 vulnerabilities

It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. (CVE-2015-8806, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447) It was discovered…

6 June 2016

USN-2990-1: ImageMagick vulnerabilities

Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly sanitized untrusted input. A remote attacker could use these issues to execute arbitrary code. These issues are known as “ImageTragick”. This update disables problematic coders via the /etc/ImageMagick-6/policy.xml configuration file. In certain environments the coders may need…

2 June 2016

USN-2987-1: GD library vulnerabilities

It was discovered that the GD library incorrectly handled certain color tables in XPM images. If a user or automated system were tricked into processing a specially crafted XPM image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-2497) It was discovered that the GD library…

31 May 2016

USN-2986-1: dosfstools vulnerabilities

Hanno Böck discovered that dosfstools incorrectly handled certain malformed filesystems. A local attacker could use this issue to cause dosfstools to crash, resulting in a denial of service, or possibly execute arbitrary code.

31 May 2016

USN-2985-2: GNU C Library regression

USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for CVE-2014-9761 introduced a regression which affected applications that use the libm library but were not fully restarted after the upgrade. This update removes the fix for CVE-2014-9761 and a future update will be provided to address this issue. We apologize for the…

26 May 2016

USN-2985-1: GNU C Library vulnerabilities

Martin Carpenter discovered that pt_chown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain administrative privileges or expose sensitive information. (CVE-2013-2207, CVE-2016-2856) Robin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not…

25 May 2016

USN-2984-1: PHP vulnerabilities

It was discovered that the PHP Fileinfo component incorrectly handled certain magic files. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8865) Hans Jerry Illikainen discovered that the PHP Zip extension…

24 May 2016

USN-2936-3: Firefox regression

USN-2936-1 fixed vulnerabilities in Firefox. The update caused an issue where a device update POST request was sent every time about:preferences#sync was shown. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman, Mats Palmgren,…

19 May 2016

USN-2973-1: Thunderbird vulnerabilities

Christian Holler, Tyson Smith, and Phil Ringalda discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2805, CVE-2016-2807) Hanno Böck discovered…

19 May 2016

USN-2950-4: Samba regressions

USN-2950-1 fixed vulnerabilities in Samba. The backported fixes introduced in Ubuntu 12.04 LTS caused interoperability issues. This update fixes compatibility with certain NAS devices, and allows connecting to Samba 3.6 servers by relaxing the “client ipc signing” parameter to “auto”. We apologize for the inconvenience. Original advisory…

18 May 2016

USN-2983-1: Expat vulnerability

Gustavo Grieco discovered that Expat incorrectly handled malformed XML data. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-0718)

18 May 2016

USN-2982-1: Libksba vulnerabilities

Hanno Böck discovered that Libksba incorrectly handled decoding certain BER data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-4353) Hanno Böck discovered that Libksba incorrectly handled decoding certain BER data. An…

17 May 2016

USN-2981-1: libarchive vulnerabilities

It was discovered that libarchive incorrectly handled certain entry-size values in ZIP archives. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-1541) It was…

17 May 2016

USN-2975-2: Linux kernel (Trusty HWE) vulnerability

USN-2975-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Philip Pettersson discovered that the Linux kernel’s ASN.1 DER decoder did not properly process certificate files with tags of…

16 May 2016

USN-2974-1: QEMU vulnerabilities

Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-2391) Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation support. A privileged attacker inside the guest could use this…

12 May 2016

USN-2972-1: OpenJDK 6 vulnerabilities

Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0686, CVE-2016-0687, CVE-2016-3427) A vulnerability was discovered in…

10 May 2016

USN-2968-2: Linux kernel (Trusty HWE) vulnerabilities

USN-2968-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints…

9 May 2016

USN-2967-2: Linux kernel (OMAP4) vulnerabilities

It was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312) Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by…

9 May 2016

USN-2967-1: Linux kernel vulnerabilities

It was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312) Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by…

9 May 2016

USN-2966-1: OpenSSH vulnerabilities

Shayan Sadigh discovered that OpenSSH incorrectly handled environment files when the UseLogin feature is enabled. A local attacker could use this issue to gain privileges. (CVE-2015-8325) Ben Hawkes discovered that OpenSSH incorrectly handled certain network traffic. A remote attacker could possibly use this issue to cause OpenSSH to crash,…

9 May 2016

USN-2950-3: Samba regressions

USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Backported regression fixes were added to Samba 3.6.25 in Ubuntu 12.04 LTS. This…

4 May 2016

USN-2959-1: OpenSSL vulnerabilities

Huzaifa Sidhpurwala, Hanno Böck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2108) Juraj Somorovsky discovered that OpenSSL incorrectly…

3 May 2016

USN-2936-2: Oxygen-GTK3 update

USN-2936-1 fixed vulnerabilities in Firefox. The update caused Firefox to crash on startup with the Oxygen GTK theme due to a pre-existing bug in the Oxygen-GTK3 theme engine. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman, …

2 May 2016

USN-2958-1: poppler vulnerabilities

It was discovered that the poppler pdfseparate tool incorrectly handled certain filenames. A local attacker could use this issue to cause the tool to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS. (CVE-2013-4473, CVE-2013-4474) It was discovered that poppler incorrectly…

2 May 2016

USN-2957-1: Libtasn1 vulnerability

Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause applications using Libtasn1 to hang, resulting in a denial of service.

2 May 2016

USN-2934-1: Thunderbird vulnerabilities

Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute…

27 April 2016

USN-2936-1: Firefox vulnerabilities

Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman, Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup, Andrew McCreight, and Steve Fink discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to…

27 April 2016

USN-2953-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.49 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.10 has been updated to MySQL 5.6.30. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly…

21 April 2016

USN-2952-1: PHP vulnerabilities

It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. (CVE-2014-9767) It was discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue to cause PHP to…

21 April 2016

USN-2917-3: Firefox regressions

USN-2917-1 fixed vulnerabilities in Firefox. This update caused several web compatibility regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked in to opening a specially crafted website, an …

19 April 2016

USN-2951-1: OptiPNG vulnerabilities

Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service. (CVE-2015-7801) Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially…

18 April 2016

USN-2950-1: Samba vulnerabilities

Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. (CVE-2015-5370) Stefan Metzmacher discovered that Samba contained multiple…

18 April 2016

USN-2917-2: Firefox regressions

USN-2917-1 fixed vulnerabilities in Firefox. This update caused several regressions that could result in search engine settings being lost, the list of search providers appearing empty or the location bar breaking after typing an invalid URL. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Francis…

7 April 2016

USN-2946-2: Linux kernel (Trusty HWE) vulnerabilities

Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel’s CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8812) Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker…

6 April 2016

USN-2945-1: XChat-GNOME vulnerability

It was discovered that XChat-GNOME incorrectly verified the hostname in an SSL certificate. An attacker could trick XChat-GNOME into trusting a rogue server’s certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack.

4 April 2016

USN-2944-1: Libav vulnerabilities

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

4 April 2016

USN-2943-1: PCRE vulnerabilities

It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code.

29 March 2016

USN-2941-1: Quagga vulnerabilities

Kostya Kortchinsky discovered that Quagga incorrectly handled certain route data when configured with BGP peers enabled for VPNv4. A remote attacker could use this issue to cause Quagga to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2342) It was discovered that Quagga incorrectly handled messages with a…

24 March 2016

USN-2939-1: LibTIFF vulnerabilities

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

23 March 2016

USN-2938-1: Git vulnerabilities

Laël Cellier discovered that Git incorrectly handled path strings in crafted Git repositories. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking Git. (CVE-2016-2315, CVE-2016-2324)

21 March 2016

USN-2935-3: PAM regression

USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. USN-2935-2 intended to fix the problem but was incomplete for Ubuntu 12.04 LTS. This update fixes the problem in Ubuntu 12.04 LTS. We apologize for the inconvenience. Original advisory details: It was…

17 March 2016

USN-2935-2: PAM regression

USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the PAM pam_userdb module incorrectly used a case-insensitive method when comparing…

16 March 2016

USN-2935-1: PAM vulnerabilities

It was discovered that the PAM pam_userdb module incorrectly used a case-insensitive method when comparing hashed passwords. A local attacker could possibly use this issue to make brute force attacks easier. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2013-7041) Sebastian Krahmer discovered that the PAM pam_timestamp…

16 March 2016

USN-2933-1: Exim vulnerabilities

It was discovered that Exim incorrectly filtered environment variables when used with the perl_startup configuration option. If the perl_startup option was enabled, a local attacker could use this issue to escalate their privileges to the root user. This issue has been fixed by having Exim clean the complete execution environment by default on…

15 March 2016

USN-2929-2: Linux kernel (Trusty HWE) vulnerabilities

Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134) It was discovered that the Linux…

14 March 2016

USN-2928-2: Linux kernel (OMAP4) vulnerability

Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

14 March 2016

USN-2928-1: Linux kernel vulnerability

Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

14 March 2016

USN-2926-1: OTR vulnerability

Markus Vervier discovered that OTR incorrectly handled large incoming messages. A remote attacker could use this issue to cause OTR to crash, resulting in a denial of service, or possibly execute arbitrary code.

10 March 2016

USN-2925-1: Bind vulnerabilities

It was discovered that Bind incorrectly handled input received by the rndc control channel. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2016-1285) It was discovered that Bind incorrectly parsed resource record signatures for DNAME resource records. A remote attacker could possibly…

9 March 2016

USN-2924-1: NSS vulnerability

Francis Gabriel discovered that NSS incorrectly handled decoding certain ASN.1 data. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.

9 March 2016

USN-2917-1: Firefox vulnerabilities

Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1950) Bob Clary, Christoph…

9 March 2016

USN-2923-1: BeanShell vulnerability

Alvaro Muñoz and Christian Schneider discovered that BeanShell incorrectly handled deserialization. A remote attacker could possibly use this issue to execute arbitrary code.

8 March 2016

USN-2922-1: Samba vulnerabilities

Jeremy Allison discovered that Samba incorrectly handled ACLs on symlink paths. A remote attacker could use this issue to overwrite the ownership of ACLs using symlinks. (CVE-2015-7560) Garming Sam and Douglas Bagnall discovered that the Samba internal DNS server incorrectly handled certain DNS TXT records. A remote attacker could use this issue…

8 March 2016

USN-2904-1: Thunderbird vulnerabilities

Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2015-7575) Yves Younan discovered that graphite2 incorrectly handled certain…

8 March 2016

USN-2921-1: Squid vulnerabilities

Sebastian Krahmer discovered that Squid incorrectly handled certain SNMP requests. If SNMP is enabled, a remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-6270) Alex Rousskov discovered that Squid incorrectly handled certain malformed responses. A remote…

7 March 2016

USN-2919-1: JasPer vulnerabilities

Jacob Baines discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2016-1577) Tyler Hicks discovered that JasPer incorrectly…

3 March 2016

USN-2918-1: pixman vulnerability

Vincent LE GARREC discovered an integer underflow in pixman. If a user were tricked into opening a specially crafted file, a remote attacker could cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code.

3 March 2016

USN-2916-1: Perl vulnerabilities

It was discovered that Perl incorrectly handled certain regular expressions with an invalid backreference. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-7422) Markus Vervier discovered that Perl incorrectly handled nesting in the Data::Dumper module. An…

2 March 2016

USN-2915-1: Django vulnerabilities

Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. (CVE-2016-2512) Sjoerd Job Postmus discovered that Django incorrectly handled timing when doing password…

1 March 2016

USN-2914-1: OpenSSL vulnerabilities

Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiation. On certain CPUs, a local attacker could possibly use this issue to recover RSA keys. This flaw is known as CacheBleed. (CVE-2016-0702) Adam Langley discovered that OpenSSL incorrectly handled memory…

1 March 2016

USN-2913-3: OpenSSL update

USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the OpenSSL package to properly handle the removal. Original advisory details: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those…

24 February 2016

USN-2913-2: glib-networking update

USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the glib-networking package to properly handle the removal. Original advisory details: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to…

24 February 2016

USN-2913-4: GnuTLS update

USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the GnuTLS package to properly handle the removal. Original advisory details: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those…

24 February 2016

USN-2913-1: ca-certificates update

The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys.

24 February 2016

USN-2903-2: NSS regression

USN-2903-1 fixed a vulnerability in NSS. An incorrect package versioning change in Ubuntu 12.04 LTS caused a regression when building software against NSS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Hanno Böck discovered that NSS incorrectly handled certain division functions, possibly…

23 February 2016

USN-2912-1: libssh vulnerabilities

Mariusz Ziulek discovered that libssh incorrectly handled certain packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. (CVE-2015-3146) Aris Adamantiadis discovered that libssh incorrectly generated ephemeral secret keys of 128 bits instead of the recommended 1024 or 2048 bits…

23 February 2016

USN-2911-2: Linux kernel (OMAP4) vulnerability

It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash).

22 February 2016

USN-2911-1: Linux kernel vulnerability

It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash).

22 February 2016

USN-2907-2: Linux kernel (Trusty HWE) vulnerabilities

halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs…

22 February 2016

USN-2906-1: GNU cpio vulnerabilities

Alexander Cherepanov discovered that GNU cpio incorrectly handled symbolic links when used with the --no-absolute-filenames option. If a user or automated system were tricked into extracting a specially-crafted cpio archive, a remote attacker could possibly use this issue to write arbitrary files. This issue only affected Ubuntu 12.04 LTS and…

22 February 2016

USN-2903-1: NSS vulnerability

Hanno Böck discovered that NSS incorrectly handled certain division functions, possibly leading to cryptographic weaknesses. (CVE-2016-1938) This update also refreshes the NSS package to version 3.21 which includes the latest CA certificate bundle, and removes the SPI CA.

17 February 2016

USN-2900-1: GNU C Library vulnerability

It was discovered that the GNU C Library incorrectly handled receiving responses while performing DNS resolution. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code.

16 February 2016

USN-2899-1: LibreOffice vulnerabilities

It was discovered that LibreOffice incorrectly handled LWP document files. If a user were tricked into opening a specially crafted LWP document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code.

16 February 2016

USN-2855-2: Samba regression

USN-2855-1 fixed vulnerabilities in Samba. The upstream fix for CVE-2015-5252 introduced a regression in certain specific environments. This update fixes the problem. Original advisory details: Thilo Uttendorfer discovered that the Samba LDAP server incorrectly handled certain packets. A remote attacker could use this issue to cause the LDAP …

16 February 2016

USN-2898-2: Eye of GNOME vulnerability

It was discovered that Eye of GNOME incorrectly handled certain large images. If a user were tricked into opening a specially-crafted image, a remote attacker could use this issue to cause Eye of GNOME to crash, resulting in a denial of service, or possibly execute arbitrary code.

15 February 2016

USN-2898-1: GTK+ vulnerability

It was discovered that GTK+ incorrectly handled certain large images. A remote attacker could use this issue to cause GTK+ applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

15 February 2016

USN-2896-1: Libgcrypt vulnerability

Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys.

15 February 2016

USN-2893-1: Firefox vulnerability

Jason Pang discovered that service workers intercept responses to plugin network requests made through the browser. An attacker could potentially exploit this to bypass same origin restrictions using the Flash plugin. (CVE-2016-1949)

11 February 2016

USN-2894-1: PostgreSQL vulnerabilities

It was discovered that PostgreSQL incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2016-0773) It was discovered that PostgreSQL incorrectly handled certain configuration settings (GUCS) for users of PL/Java. A remote attacker could…

11 February 2016

USN-2880-2: Firefox regression

USN-2880-1 fixed vulnerabilities in Firefox. This update introduced a regression which caused Firefox to crash on startup with some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup,…

8 February 2016

USN-2891-1: QEMU vulnerabilities

Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-7549) Lian Yihan discovered that QEMU incorrectly handled the VNC server. A remote attacker could…

3 February 2016

USN-2887-2: Linux kernel (Trusty HWE) vulnerabilities

It was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. (CVE-2013-7446) It was discovered that the KVM implementation in the Linux kernel did not properly restore…

2 February 2016

USN-2886-2: Linux kernel (OMAP4) vulnerabilities

It was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. (CVE-2013-7446) It was discovered that the KVM implementation in the Linux kernel did not properly restore…

1 February 2016

USN-2886-1: Linux kernel vulnerabilities

It was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. (CVE-2013-7446) It was discovered that the KVM implementation in the Linux kernel did not properly restore…

1 February 2016

USN-2885-1: OpenJDK 6 vulnerabilities

Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0483, CVE-2016-0494) A vulnerability was discovered in the OpenJDK JRE…

1 February 2016

USN-2882-1: curl vulnerability

Isaac Boukris discovered that curl could incorrectly re-use NTLM proxy credentials when subsequently connecting to the same host.

27 January 2016

USN-2880-1: Firefox vulnerabilities

Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, Nicolas Pierron, Eric Rescorla, Tyson Smith, and Gabor Krizsanits discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial…

27 January 2016

USN-2881-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.47 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.04 and Ubuntu 15.10 have been updated to MySQL 5.6.28. In addition to security fixes, the updated packages contain bug fixes, new…

26 January 2016

USN-2879-1: rsync vulnerability

It was discovered that rsync incorrectly handled invalid filenames. A malicious server could use this issue to write files outside of the intended destination directory.

21 January 2016

USN-2876-1: eCryptfs vulnerability

Jann Horn discovered that mount.ecryptfs_private would mount over certain directories in the proc filesystem. A local attacker could use this to escalate their privileges. (CVE-2016-1572)

20 January 2016

USN-2875-1: libxml2 vulnerabilities

It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service.

19 January 2016

USN-2874-1: Bind vulnerability

It was discovered that Bind incorrectly handled certain APL data. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.

19 January 2016

USN-2870-2: Linux kernel (Trusty HWE) vulnerability

Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

19 January 2016

USN-2869-1: OpenSSH vulnerabilities

It was discovered that the OpenSSH client experimental support for resuming connections contained multiple security issues. A malicious server could use this issue to leak client memory to the server, including private client user keys.

14 January 2016

USN-2859-1: Thunderbird vulnerabilities

Andrei Vaida, Jesse Ruderman, Bob Clary, and Jesse Ruderman discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user…

13 January 2016

USN-2868-1: DHCP vulnerability

Sebastian Poehn discovered that the DHCP server, client, and relay incorrectly handled certain malformed UDP packets. A remote attacker could use this issue to cause the DHCP server, client, or relay to stop responding, resulting in a denial of service.

13 January 2016

USN-2867-1: libvirt vulnerabilities

It was discovered that libvirt incorrectly handled the firewall rules on bridge networks when the daemon was restarted. This could result in an unintended firewall configuration. This issue only applied to Ubuntu 12.04 LTS. (CVE-2011-4600) Peter Krempa discovered that libvirt incorrectly handled locking when certain ACL checks failed. A local…

12 January 2016

USN-2866-1: Firefox vulnerability

Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.

8 January 2016

USN-2865-1: GnuTLS vulnerability

Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.

8 January 2016

USN-2864-1: NSS vulnerability

Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.

7 January 2016

USN-2863-1: OpenSSL vulnerability

Karthikeyan Bhargavan and Gaetan Leurent discovered that OpenSSL incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.

7 January 2016

USN-2862-1: Pygments vulnerability

It was discovered that Pygments incorrectly sanitized strings used to search system fonts. An attacker could possibly use this issue to execute arbitrary code.

7 January 2016

USN-2861-1: libpng vulnerabilities

It was discovered that libpng incorrectly handled certain small bit-depth values. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. (CVE-2015-8472) Qixue Xiao and Chen Yu…

6 January 2016

USN-2856-1: ldb vulnerabilities

Thilo Uttendorfer discovered that ldb incorrectly handled certain zero values. A remote attacker could use this issue to cause applications using ldb, such as Samba, to stop responding, resulting in a denial of service. (CVE-2015-3223) Douglas Bagnall discovered that ldb incorrectly handled certain string lengths. A remote attacker could use…

5 January 2016

USN-2855-1: Samba vulnerabilities

Thilo Uttendorfer discovered that the Samba LDAP server incorrectly handled certain packets. A remote attacker could use this issue to cause the LDAP server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10. (CVE-2015-3223) Jan Kasprzak discovered that Samba incorrectly…

5 January 2016

USN-2847-1: Linux kernel (Trusty HWE) vulnerabilities

Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. (CVE-2015-8550) Konrad Rzeszutek Wilk discovered the Xen PCI…

19 December 2015

USN-2846-1: Linux kernel vulnerabilities

Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. (CVE-2015-8550) Konrad Rzeszutek Wilk discovered the Xen PCI…

19 December 2015

USN-2840-2: Linux kernel (OMAP4) vulnerability

Dmitry Vyukov discovered that the Linux kernel’s keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash).

17 December 2015

USN-2841-2: Linux kernel (Trusty HWE) vulnerabilities

Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. (CVE-2015-8104) 郭永刚 discovered that the ppp implementation in the Linux kernel did not…

17 December 2015

USN-2840-1: Linux kernel vulnerabilities

Dmitry Vyukov discovered that the Linux kernel’s keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). (CVE-2015-7872) Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug…

17 December 2015

USN-2838-2: foomatic-filters vulnerability

Adam Chester discovered that the foomatic-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user.

16 December 2015

USN-2833-1: Firefox vulnerabilities

Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henretty discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via…

15 December 2015

USN-2837-1: Bind vulnerability

It was discovered that Bind incorrectly handled responses with malformed class attributes. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service.

15 December 2015

USN-2836-1: GRUB vulnerability

Hector Marco and Ismael Ripoll discovered that GRUB incorrectly handled the backspace key when configured to use authentication. A local attacker could use this issue to bypass GRUB password protection.

15 December 2015

USN-2835-1: Git vulnerability

Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitrary code by injecting commands via crafted URLs.

15 December 2015

USN-2834-1: libxml2 vulnerabilities

Kostya Serebryany discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. (CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500) Hugh…

14 December 2015

USN-2832-1: libsndfile vulnerabilities

It was discovered that libsndfile incorrectly handled memory when parsing malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9496) Joshua Rogers discovered that libsndfile incorrectly handled division…

7 December 2015

USN-2831-2: foomatic-filters vulnerability

Michal Kowalczyk discovered that the foomatic-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user.

7 December 2015

USN-2830-1: OpenSSL vulnerabilities

Guy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 15.10. (CVE-2015-1794) Hanno Böck discovered that the OpenSSL…

7 December 2015

USN-2828-1: QEMU vulnerabilities

Jason Wang discovered that QEMU incorrectly handled the virtio-net device. A remote attacker could use this issue to cause guest network consumption, resulting in a denial of service. (CVE-2015-7295) Qinghao Tang and Ling Liu discovered that QEMU incorrectly handled the pcnet driver when used in loopback mode. A malicious guest could use…

3 December 2015

USN-2827-1: OpenJDK 6 vulnerabilities

Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-4805, CVE-2015-4835, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4881, CVE-2015-4883) A…

3 December 2015

USN-2826-1: Linux kernel (Trusty HWE) vulnerabilities

It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-5283) Dmitry Vyukov discovered that the Linux kernel’s keyring handler attempted to garbage collect incompletely…

3 December 2015

USN-2819-1: Thunderbird vulnerabilities

Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, and Gary Kwong discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via…

1 December 2015

USN-2821-1: GnuTLS vulnerability

It was discovered that GnuTLS incorrectly validated the first byte of padding in CBC modes. A remote attacker could possibly use this issue to perform a padding oracle attack.

30 November 2015

USN-2820-1: dpkg vulnerability

Hanno Boeck discovered that the dpkg-deb tool incorrectly handled certain old style Debian binary packages. If a user or an automated system were tricked into unpacking a specially crafted binary package, a remote attacker could possibly use this issue to execute arbitrary code.

26 November 2015

USN-2816-1: Django vulnerability

Ryan Butterfield discovered that Django incorrectly handled the date template filter. A remote attacker could possibly use this issue to obtain secrets from application settings.

24 November 2015

USN-2815-1: libpng vulnerabilities

Mikulas Patocka discovered that libpng incorrectly handled certain large fields. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause libpng to crash, leading to a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-3425) Qixue Xiao discovered…

19 November 2015

USN-2814-1: NVIDIA graphics drivers vulnerability

It was discovered that the NVIDIA graphics drivers incorrectly sanitized user mode inputs. A local attacker could use this issue to possibly gain root privileges.

18 November 2015

USN-2812-1: libxml2 vulnerabilities

Florian Weimer discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04….

16 November 2015

USN-2810-1: Kerberos vulnerabilities

It was discovered that the Kerberos kpasswd service incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2002-2443) It was discovered that Kerberos incorrectly handled null bytes in certain data…

12 November 2015

USN-2804-1: Linux kernel (Trusty HWE) vulnerability

Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS.

10 November 2015

USN-2800-1: Linux kernel vulnerability

Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS.

10 November 2015

USN-2788-2: unzip regression

USN-2788-1 fixed vulnerabilities in unzip. One of the security patches caused a regression when extracting 0-byte files. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system were…

9 November 2015

USN-2796-1: Linux kernel (OMAP4) vulnerabilities

Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash). (CVE-2015-7613) It was discovered that the Linux kernel did not check if a new IPv6 MTU…

5 November 2015

USN-2795-1: Linux kernel (Trusty HWE) vulnerabilities

It was discovered that in certain situations, a directory could be renamed outside of a bind mounted location. An attacker could use this to escape bind mount containment and gain access to sensitive information. (CVE-2015-2925) Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained hardcoded attributes about the USB devices….

5 November 2015

USN-2793-1: LibreOffice vulnerabilities

Federico Scrinzi discovered that LibreOffice incorrectly handled documents inserted into Writer or Calc via links. If a user were tricked into opening a specially crafted document, a remote attacker could possibly obtain the contents of arbitrary files. (CVE-2015-4551) It was discovered that LibreOffice incorrectly handled PrinterSetup…

5 November 2015

USN-2792-1: Linux kernel vulnerabilities

Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash). (CVE-2015-7613) It was discovered that the Linux kernel did not check if a new IPv6 MTU…

5 November 2015

USN-2785-1: Firefox vulnerabilities

Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, Gary Kwong, Andrew McCreight, Georg Fritzsche, and Carsten Book discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially…

4 November 2015

USN-2791-1: NSS vulnerabilities

Tyson Smith and David Keeler discovered that NSS incorrectly handled decoding certain ASN.1 data. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.

4 November 2015

USN-2790-1: NSPR vulnerability

Ryan Sleevi discovered that NSPR incorrectly handled memory allocation. A remote attacker could use this issue to cause NSPR to crash, resulting in a denial of service, or possibly execute arbitrary code.

4 November 2015

USN-2789-1: XScreenSaver vulnerability

It was discovered that XScreenSaver incorrectly handled unplugging an external monitor. An attacker with physical access could use this flaw to gain access to a locked session.

3 November 2015

USN-2788-1: unzip vulnerabilities

Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. (CVE-2015-7696) Gustavo Grieco discovered that unzip incorrectly handled certain malformed archives. If a user…

29 October 2015

USN-2787-1: audiofile vulnerability

Fabrizio Gennari discovered that audiofile incorrectly handled changing both the sample format and the number of channels. If a user or automated system were tricked into processing a specially crafted file, audiofile could be made to crash, leading to a denial of service, or possibly execute arbitrary code.

28 October 2015

USN-2786-1: PHP vulnerabilities

It was discovered that the PHP phar extension incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2015-7803, CVE-2015-7804)

28 October 2015

USN-2783-1: NTP vulnerabilities

Aleksis Kauppinen discovered that NTP incorrectly handled certain remote config packets. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-5146) Miroslav Lichvar discovered that NTP incorrectly handled logconfig directives. In a…

27 October 2015

USN-2782-1: Apport vulnerability

Gabriel Campana discovered that Apport incorrectly handled Python module imports. A local attacker could use this issue to elevate privileges.

27 October 2015

USN-2781-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.46 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.04 and Ubuntu 15.10 have been updated to MySQL 5.6.27. In addition to security fixes, the updated packages contain bug fixes, new…

26 October 2015

USN-2780-1: MiniUPnP vulnerability

Aleksandar Nikolic discovered a buffer overflow vulnerability in the XML parser functionality of the MiniUPnP library. A remote attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library.

20 October 2015

USN-2775-1: Linux kernel (Trusty HWE) vulnerabilities

It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a user space daemon like NetworkManager would honor and apply to the kernel, causing a denial of service. (CVE-2015-0272) It was discovered that virtio…

19 October 2015

USN-2774-1: Linux kernel (OMAP4) vulnerabilities

It was discovered that virtio networking in the Linux kernel did not handle fragments correctly, leading to kernel memory corruption. A remote attacker could use this to cause a denial of service (system crash) or possibly execute code with administrative privileges. (CVE-2015-5156) It was discovered that the Reliable Datagram Sockets (RDS)…

19 October 2015

USN-2773-1: Linux kernel vulnerabilities

It was discovered that virtio networking in the Linux kernel did not handle fragments correctly, leading to kernel memory corruption. A remote attacker could use this to cause a denial of service (system crash) or possibly execute code with administrative privileges. (CVE-2015-5156) It was discovered that the Reliable Datagram Sockets (RDS)…

19 October 2015

USN-2768-1: Firefox vulnerability

Abdulrahman Alqabandi and Ben Kelly discovered that the fetch() API did not correctly implement the Cross Origin Resource Sharing (CORS) specification. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other origins. (CVE-2015-7184)

16 October 2015

USN-2772-1: PostgreSQL vulnerabilities

Josh Kupershmidt discovered the pgCrypto extension could expose several bytes of server memory if the crypt() function was provided a too-short salt. An attacker could use this flaw to read private data. (CVE-2015-5288) Oskari Saarenmaa discovered that the json and jsonb handlers could exhaust available stack space. An attacker could use this…

16 October 2015

USN-2769-1: Apache Commons HttpClient vulnerabilities

It was discovered that Apache Commons HttpClient did not properly verify the Common Name or subjectAltName fields of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-5783) Florian Weimer…

14 October 2015

USN-2767-1: GDK-PixBuf vulnerabilities

Gustavo Grieco discovered that the GDK-PixBuf library did not properly handle scaling tga image files, leading to a heap overflow. If a user or automated system were tricked into opening a tga image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary…

13 October 2015

USN-2763-1: Linux kernel (Trusty HWE) vulnerability

Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash).

5 October 2015

USN-2754-1: Thunderbird vulnerabilities

Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, and Cameron McCormack discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute…

5 October 2015

USN-2743-4: Firefox regression

USN-2743-1 fixed vulnerabilities in Firefox. After upgrading, some users reported problems with bookmark creation and crashes in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight,…

5 October 2015

USN-2760-1: Linux kernel (OMAP4) vulnerabilities

It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-5707) Marc-André Lureau discovered that the vhost driver did…

1 October 2015

USN-2759-1: Linux kernel vulnerabilities

It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-5707) Marc-André Lureau discovered that the vhost driver did…

1 October 2015

USN-2758-1: PHP vulnerabilities

It was discovered that the PHP phar extension incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2015-5589) It was discovered that the PHP phar extension incorrectly handled certain filepaths. A remote attacker could use this issue to cause PHP to…

30 September 2015

USN-2756-1: rpcbind vulnerability

It was discovered that rpcbind incorrectly handled certain memory structures. A remote attacker could use this issue to cause rpcbind to crash, resulting in a denial of service, or possibly execute arbitrary code.

30 September 2015

USN-2749-1: Linux kernel (Trusty HWE) vulnerabilities

Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. (CVE-2015-5697) Marc-André Lureau discovered that the vhost driver did not properly release the userspace provided log file…

29 September 2015

USN-2747-1: NVIDIA graphics drivers vulnerability

Dario Weisser discovered that the NVIDIA graphics drivers incorrectly handled certain IOCTL writes. A local attacker could use this issue to possibly gain root privileges.

28 September 2015

USN-2745-1: QEMU vulnerabilities

Lian Yihan discovered that QEMU incorrectly handled certain payload messages in the VNC display driver. A malicious guest could use this issue to cause the QEMU process to hang, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-5239) Qinghao Tang discovered that QEMU incorrectly handled…

24 September 2015

USN-2744-1: Apport vulnerability

Halfdog discovered that Apport incorrectly handled kernel crash dump files. A local attacker could use this issue to cause a denial of service, or possibly elevate privileges. The default symlink protections for affected releases should reduce the vulnerability to a denial of service.

24 September 2015

USN-2743-2: Ubufox update

USN-2743-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Original advisory details: Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were …

22 September 2015

USN-2743-1: Firefox vulnerabilities

Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via…

22 September 2015

USN-2742-1: OpenLDAP vulnerabilities

Denis Andzakovic discovered that OpenLDAP incorrectly handled certain BER data. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2015-6908) Dietrich Clauss discovered that the OpenLDAP package incorrectly shipped with a potentially unsafe default access control configuration….

16 September 2015

USN-2740-1: ICU vulnerabilities

Atte Kettunen discovered that ICU incorrectly handled certain converter names. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash. (CVE-2015-1270) It was discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, a…

16 September 2015

USN-2739-1: FreeType vulnerabilities

It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or hang, resulting in a denial of service, or possibly expose uninitialized memory.

10 September 2015

USN-2733-1: Linux kernel (Trusty HWE) vulnerability

It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges.

3 September 2015

USN-2732-1: Linux kernel (OMAP4) vulnerability

Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel.

3 September 2015

USN-2731-1: Linux kernel vulnerability

Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel.

3 September 2015

USN-2730-1: OpenSLP vulnerabilities

Georgi Geshev discovered that OpenSLP incorrectly handled processing certain service requests. A remote attacker could possibly use this issue to cause OpenSLP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2012-4428) Qinghao Tang discovered that OpenSLP incorrectly handled…

3 September 2015

USN-2729-1: libvdpau vulnerabilities

Florian Weimer discovered that libvdpau incorrectly handled certain environment variables. A local attacker could possibly use this issue to gain privileges.

3 September 2015

USN-2728-1: Bind vulnerability

Hanno Böck discovered that Bind incorrectly handled certain malformed keys when configured to perform DNSSEC validation. A remote attacker could use this issue with specially crafted zone data to cause Bind to crash, resulting in a denial of service.

2 September 2015

USN-2726-1: Expat vulnerability

It was discovered that Expat incorrectly handled malformed XML data. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code.

31 August 2015

USN-2723-1: Firefox vulnerabilities

A use-after-free was discovered when resizing a canvas element during restyling in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox….

27 August 2015

USN-2724-1: QEMU vulnerabilities

It was discovered that QEMU incorrectly handled a PRDT with zero complete sectors in the IDE functionality. A malicious guest could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9718) Donghai Zhu discovered that QEMU incorrectly handled the RTL8139 driver. A…

27 August 2015

USN-2722-1: GDK-PixBuf vulnerability

Gustavo Grieco discovered that GDK-PixBuf incorrectly handled scaling bitmap images. If a user or automated system were tricked into opening a BMP image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.

26 August 2015

USN-2712-1: Thunderbird vulnerabilities

Gary Kwong, Christian Holler, and Byron Campen discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird….

25 August 2015

USN-2702-3: Firefox regression

USN-2702-1 fixed vulnerabilities in Firefox. After upgrading, some users in the US reported that their default search engine switched to Yahoo. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, Chris Coulson, and Eric Rahm…

20 August 2015

USN-2721-1: Subversion vulnerabilities

It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3580) It was discovered that the…

20 August 2015

USN-2720-1: Django vulnerability

Lin Hua Cheng discovered that Django incorrectly handled the session store. A remote attacker could use this issue to cause the session store to fill up, resulting in a denial of service.

18 August 2015

USN-2710-2: OpenSSH regression

USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for CVE-2015-5600 caused a regression resulting in random authentication failures in non-default configurations. This update fixes the problem. Original advisory details: Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an…

18 August 2015

USN-2715-1: Linux kernel (Trusty HWE) vulnerability

Marcelo Ricardo Leitner discovered a race condition in the Linux kernel’s SCTP address configuration lists when using Address Configuration Change (ASCONF) options on a socket. An unprivileged local user could exploit this flaw to cause a denial of service (system crash).

18 August 2015

USN-2714-1: Linux kernel (OMAP4) vulnerabilities

Marcelo Ricardo Leitner discovered a race condition in the Linux kernel’s SCTP address configuration lists when using Address Configuration Change (ASCONF) options on a socket. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2015-3212) A flaw was discovered in how the Linux kernel handles…

18 August 2015

USN-2713-1: Linux kernel vulnerabilities

Marcelo Ricardo Leitner discovered a race condition in the Linux kernel’s SCTP address configuration lists when using Address Configuration Change (ASCONF) options on a socket. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2015-3212) A flaw was discovered in how the Linux kernel handles…

18 August 2015

USN-2711-1: Net-SNMP vulnerabilities

It was discovered that Net-SNMP incorrectly handled certain trap messages when the -OQ option was used. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service. (CVE-2014-3565) Qinghao Tang discovered that Net-SNMP incorrectly handled SNMP PDU parsing failures. A remote attacker could use this issue to…

17 August 2015

USN-2710-1: OpenSSH vulnerabilities

Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to perform user impersonation. (CVE number pending) Moritz Jodeit discovered that OpenSSH incorrectly handled context…

14 August 2015

USN-2702-2: Ubufox update

USN-2702-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubufox. Original advisory details: Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, Chris Coulson, and Eric Rahm discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted…

11 August 2015

USN-2702-1: Firefox vulnerabilities

Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, Chris Coulson, and Eric Rahm discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the…

11 August 2015

USN-2707-1: Firefox vulnerability

Cody Crews discovered a way to violate the same-origin policy to inject script into a non-privileged part of the PDF viewer. If a user were tricked into opening a specially crafted website, an attacker could exploit this to read sensitive information from local files. (CVE-2015-4495)

7 August 2015

USN-2706-1: OpenJDK 6 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-2590, CVE-2015-2628, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4760, CVE-2015-4748) Several…

6 August 2015

USN-2704-1: Swift vulnerabilities

Rajaneesh Singh discovered that Swift does not properly enforce metadata limits. An attacker could abuse this issue to store more metadata than allowed by policy. (CVE-2014-7960) Clay Gerrard discovered that Swift allowed users to delete the latest version of an object regardless of object permissions when allow_version is configured. An attacker could use…

6 August 2015

USN-2701-1: Linux kernel (Trusty HWE) vulnerabilities

31 July 2015

USN-2699-1: HPLIP vulnerability

Enrico Zini discovered that HPLIP used a short GPG key ID when downloading keys from the keyserver. An attacker could possibly use this to return a different key with a duplicate short key id and perform a man-in-the-middle attack on printer plugin installations.

30 July 2015

USN-2698-1: SQLite vulnerabilities

It was discovered that SQLite incorrectly handled skip-scan optimization. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2013-7443) Michal Zalewski discovered that SQLite incorrectly handled…

30 July 2015

USN-2697-1: Ghostscript vulnerability

William Robinet and Stefan Cornelius discovered that Ghostscript did not correctly handle certain Postscript files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly execute arbitrary code.

30 July 2015

USN-2695-1: HTML Tidy vulnerabilities

Fernando Muñoz discovered that HTML Tidy incorrectly handled memory. If a user or automated system were tricked into processing specially crafted data, applications linked against HTML Tidy could be made to crash, leading to a denial of service, or possibly execute arbitrary code.

29 July 2015

USN-2694-1: PCRE vulnerabilities

Michele Spagnuolo discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8964) Kai Lu discovered that PCRE incorrectly handled…

29 July 2015

USN-2693-1: Bind vulnerabilities

Jonathan Foote discovered that Bind incorrectly handled certain TKEY queries. A remote attacker could use this issue with a specially crafted packet to cause Bind to crash, resulting in a denial of service. (CVE-2015-5477) Pories Ediansyah discovered that Bind incorrectly handled certain configurations involving DNS64. A remote attacker could use…

28 July 2015

USN-2687-1: Linux kernel (Trusty HWE) vulnerabilities

Andy Lutomirski discovered a flaw in the Linux kernel’s handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-3290) Colin King discovered a flaw in the add_key function of the Linux kernel’s keyring…

28 July 2015

USN-2686-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server incorrectly parsed chunk headers. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks. (CVE-2015-3183) It was discovered that the Apache HTTP Server incorrectly handled the ap_some_auth_required API. A remote attacker could possibly use this issue to bypass…

27 July 2015

USN-2680-1: Linux kernel (Trusty HWE) vulnerabilities

A flaw was discovered in the user space memory copying for the pipe iovecs in the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-1805) A flaw was discovered in the kvm (kernel virtual machine) subsystem’s kvm_apic_has_events…

23 July 2015

USN-2679-1: Linux kernel (OMAP4) vulnerabilities

A flaw was discovered in the user space memory copying for the pipe iovecs in the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-1805) Daniel Borkmann reported a kernel crash in the Linux kernel’s BPF filter JIT optimization. A local…

23 July 2015

USN-2678-1: Linux kernel vulnerabilities

A flaw was discovered in the user space memory copying for the pipe iovecs in the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-1805) Daniel Borkmann reported a kernel crash in the Linux kernel’s BPF filter JIT optimization. A local…

23 July 2015

USN-2676-1: NBD vulnerabilities

It was discovered that NBD incorrectly handled IP address matching. A remote attacker could use this issue with an IP address that has a partial match and bypass access restrictions. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-6410) Tuomas Räsänen discovered that NBD incorrectly handled wrong export names and closed connections during…

22 July 2015

USN-2674-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.44 in Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. Ubuntu 15.04 has been updated to MySQL 5.6.25. In addition to security fixes, the updated packages contain bug fixes, new features,…

21 July 2015

USN-2673-1: Thunderbird vulnerabilities

Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721) Bob Clary, Christian Holler, Bobby Holley, and…

20 July 2015

USN-2656-2: Firefox vulnerabilities

USN-2656-1 fixed vulnerabilities in Firefox for Ubuntu 14.04 LTS and later releases. This update provides the corresponding update for Ubuntu 12.04 LTS. Original advisory details: Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a…

15 July 2015

USN-2672-1: NSS vulnerabilities

Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721) Watson Ladd discovered that NSS incorrectly…

9 July 2015

USN-2671-1: Django vulnerabilities

Eric Peterson and Lin Hua Cheng discovered that Django incorrectly handled session records. A remote attacker could use this issue to cause a denial of service. (CVE-2015-5143) Sjoerd Job Postmus discovered that Django incorrectly handled newline characters when performing validation. A remote attacker could use this issue to perform header…

9 July 2015

USN-2670-1: libwmf vulnerabilities

Fernando Muñoz and Stefan Cornelius discovered that libwmf incorrectly handled certain malformed images. If a user or automated system were tricked into opening a crafted image file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.

8 July 2015

USN-2669-1: Bind vulnerability

Breno Silveira Soares discovered that Bind incorrectly handled certain zone data when configured to perform DNSSEC validation. A remote attacker could use this issue with specially crafted zone data to cause Bind to crash, resulting in a denial of service.

7 July 2015

USN-2662-1: Linux kernel (Trusty HWE) vulnerabilities

Alexandre Oliva reported a race condition flaw in the btrfs file system’s handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. (CVE-2014-9710) A race condition was discovered in the Linux kernel’s file_handle size verification. A local user could exploit this flaw…

7 July 2015

USN-2661-1: Linux kernel (OMAP4) vulnerability

A race condition was discovered in the Linux kernel’s file_handle size verification. A local user could exploit this flaw to read potentially sensitive memory locations.

7 July 2015

USN-2660-1: Linux kernel vulnerability

A race condition was discovered in the Linux kernel’s file_handle size verification. A local user could exploit this flaw to read potentially sensitive memory locations.

7 July 2015

USN-2658-1: PHP vulnerabilities

Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly use this issue to bypass intended restrictions and create or obtain access to sensitive files. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598) Emmanuel Law discovered that the PHP phar extension…

6 July 2015

USN-2659-1: cups-filters vulnerabilities

Petr Sklenar discovered that the cups-filters texttopdf filter incorrectly handled line sizes. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code as the lp user. (CVE-2015-3258, CVE-2015-3279)

6 July 2015

USN-2657-1: unattended-upgrades vulnerability

It was discovered that unattended-upgrades incorrectly performed authentication checks in certain configurations. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.

29 June 2015

USN-2655-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly handled data with malformed chunked transfer coding. A remote attacker could possibly use this issue to conduct HTTP request smuggling attacks, or cause Tomcat to consume resources, resulting in a denial of service. (CVE-2014-0227) It was discovered that Tomcat incorrectly handled HTTP responses…

25 June 2015

USN-2653-1: Python vulnerabilities

It was discovered that multiple Python protocol libraries incorrectly limited certain data when connecting to servers. A malicious ftp, http, imap, nntp, pop or smtp server could use this issue to cause a denial of service. (CVE-2013-1752) It was discovered that the Python xmlrpc library did not limit unpacking gzip-compressed HTTP bodies. A…

25 June 2015

USN-2651-1: GNU patch vulnerabilities

Jakub Wilk discovered that GNU patch did not correctly handle file paths in patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS. (CVE-2010-4651) László Böszörményi discovered that GNU patch did not correctly…

22 June 2015

USN-2642-2: Linux kernel (Trusty HWE) regression

The fix for CVE-2015-1328 introduced a regression into the Linux kernel’s overlayfs file system. The removal of a directory that only exists on the lower layer results in a kernel panic. We apologize for the inconvenience. Original advisory details: Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user…

21 June 2015

USN-2641-2: Linux kernel (OMAP4) regression

The fix for CVE-2015-1328 introduced a regression into the Linux kernel’s overlayfs file system. The removal of a directory that only exists on the lower layer results in a kernel panic. We apologize for the inconvenience. Original advisory details: Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user…

21 June 2015

USN-2640-2: Linux kernel regression

The fix for CVE-2015-1328 introduced a regression into the Linux kernel’s overlayfs file system. The removal of a directory that only exists on the lower layer results in a kernel panic. We apologize for the inconvenience. Original advisory details: Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user…

21 June 2015

USN-2650-1: wpa_supplicant and hostapd vulnerabilities

Kostya Kortchinsky discovered multiple flaws in wpa_supplicant and hostapd. A remote attacker could use these issues to cause wpa_supplicant or hostapd to crash, resulting in a denial of service. (CVE-2015-4141, CVE-2015-4142, CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)

16 June 2015

USN-2649-1: devscripts vulnerability

It was discovered that the uupdate tool incorrectly handled symlinks. If a user or automated system were tricked into processing specially crafted files, a remote attacker could possibly replace arbitrary files, leading to a privilege escalation.

16 June 2015

USN-2648-1: Aptdaemon vulnerability

Tavis Ormandy discovered that Aptdaemon incorrectly handled the simulate dbus method. A local attacker could use this issue to possibly expose sensitive information, or perform other file access as the root user.

16 June 2015

USN-2642-1: Linux kernel (Trusty HWE) vulnerability

Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

15 June 2015

USN-2641-1: Linux kernel (OMAP4) vulnerability

Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

15 June 2015

USN-2640-1: Linux kernel vulnerability

Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

15 June 2015

USN-2639-1: OpenSSL vulnerabilities

Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8176) Joseph Barr-Pixton discovered that OpenSSL incorrectly handled…

11 June 2015

USN-2633-1: Linux kernel (Trusty HWE) vulnerabilities

Wen Xu discovered a use-after-free flaw in the Linux kernel’s ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. (CVE-2015-3636) A memory corruption flaw was discovered in the Linux kernel’s scsi subsystem. A local attacker could potentially exploit…

10 June 2015

USN-2632-1: Linux kernel (OMAP4) vulnerabilities

Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). (CVE-2015-2150) A privilege escalation was discovered in the fork syscall via the int80 entry on 64 bit kernels with 32 bit…

10 June 2015

USN-2631-1: Linux kernel vulnerabilities

Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). (CVE-2015-2150) A privilege escalation was discovered in the fork syscall via the int80 entry on 64 bit kernels with 32 bit…

10 June 2015

USN-2630-1: QEMU vulnerabilities

Matt Tait discovered that QEMU incorrectly handled the virtual PCNET driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor…

10 June 2015

USN-2629-1: CUPS vulnerabilities

It was discovered that CUPS incorrectly handled reference counting when handling localized strings. A remote attacker could use this issue to escalate permissions, upload a replacement CUPS configuration file, and execute arbitrary code. (CVE-2015-1158) It was discovered that the CUPS templating engine contained a cross-site scripting issue. A…

10 June 2015

USN-2626-1: Qt vulnerabilities

Wolfgang Schenk discovered that Qt incorrectly handled certain malformed GIF images. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS….

3 June 2015

USN-2625-1: Apache HTTP Server update

As a security improvement, this update makes the following changes to the Apache package in Ubuntu 12.04 LTS: Added support for ECC keys and ECDH ciphers. The SSLProtocol configuration directive now allows specifying the TLSv1.1 and TLSv1.2 protocols. Ephemeral key handling has been improved, including allowing DH parameters to be loaded from…

2 June 2015

USN-2624-1: OpenSSL update

As a security improvement, this update removes the export cipher suites from the default cipher list to prevent their use in possible downgrade attacks.

1 June 2015

USN-2623-1: ipsec-tools vulnerability

It was discovered that racoon, the ipsec-tools IKE daemon, incorrectly handled certain UDP packets. A remote attacker could use this issue to cause racoon to crash, resulting in a denial of service.

1 June 2015

USN-2622-1: OpenLDAP vulnerabilities

It was discovered that OpenLDAP incorrectly handled certain search queries that returned empty attributes. A remote attacker could use this issue to cause OpenLDAP to assert, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1164) Michael Vishchers discovered that OpenLDAP improperly counted references when…

26 May 2015

USN-2621-1: PostgreSQL vulnerabilities

Benkocs Norbert Attila discovered that PostgreSQL incorrectly handled authentication timeouts. A remote attacker could use this flaw to cause the unauthenticated session to crash, possibly leading to a security issue. (CVE-2015-3165) Noah Misch discovered that PostgreSQL incorrectly handled certain standard library function return values,…

25 May 2015

USN-2619-1: Linux kernel (Trusty HWE) vulnerability

A flaw was discovered in the Linux kernel’s IPv4 networking when using TCP fast open to initiate a connection. An unprivileged local user could exploit this flaw to cause a denial of service (system crash).

23 May 2015

USN-2609-1: Apport vulnerabilities

Sander Bos discovered that Apport incorrectly handled permissions when the system was configured to generate core dumps for setuid binaries. A local attacker could use this issue to gain elevated privileges. (CVE-2015-1324) Philip Pettersson discovered that Apport contained race conditions resulting in core dumps being generated with incorrect…

21 May 2015

USN-2617-1: FUSE vulnerability

Tavis Ormandy discovered that FUSE incorrectly filtered environment variables. A local attacker could use this issue to gain administrative privileges.

21 May 2015

USN-2613-1: Linux kernel (Trusty HWE) vulnerabilities

Vincent Tondellier discovered an integer overflow in the Linux kernel’s netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potentially exploit this flaw to cause a denial of service (system crash of targeted system). (CVE-2014-9715) Jan Beulich discovered the Xen virtual machine…

20 May 2015

USN-2612-1: Linux kernel (OMAP4) vulnerabilities

A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges. (CVE-2015-3339) Vincent Tondellier discovered an integer overflow in the Linux kernel’s netfilter connection tracking accounting of loaded extensions….

20 May 2015

USN-2611-1: Linux kernel vulnerability

Vincent Tondellier discovered an integer overflow in the Linux kernel’s netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potentially exploit this flaw to cause a denial of service (system crash of targeted system).

20 May 2015

USN-2603-1: Thunderbird vulnerabilities

Jesse Ruderman, Mats Palmgren, Byron Campen, and Steve Fink discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges…

18 May 2015

USN-2602-1: Firefox vulnerabilities

Jesse Ruderman, Mats Palmgren, Byron Campen, Steve Fink, Gary Kwong, Andrew McCreight, Christian Holler, Jon Coppeard, and Milan Sreckovic discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via…

13 May 2015

USN-2608-1: QEMU vulnerabilities

Jason Geffner discovered that QEMU incorrectly handled the virtual floppy driver. This issue is known as VENOM. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be…

13 May 2015

USN-2607-1: Module::Signature vulnerabilities

John Lightsey discovered that Module::Signature incorrectly handled PGP signature boundaries. A remote attacker could use this issue to trick Module::Signature into parsing the unsigned portion of the SIGNATURE file as the signed portion. (CVE-2015-3406) John Lightsey discovered that Module::Signature incorrectly handled files that were not…

12 May 2015

USN-2606-1: OpenSSL update

For compatibility reasons, Ubuntu 12.04 LTS shipped OpenSSL with TLSv1.2 disabled when being used as a client. This update re-enables TLSv1.2 by default now that the majority of problematic sites have been updated to fix compatibility issues. For problematic environments, TLSv1.2 can be disabled again by setting the OPENSSL_NO_CLIENT_TLS1_2…

12 May 2015

USN-2604-1: Libtasn1 vulnerability

Hanno Böck discovered that Libtasn1 incorrectly handled certain ASN.1 data. A remote attacker could possibly exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code.

11 May 2015

USN-2597-2: Linux kernel (Trusty HWE) regression

USN-2597-1 fixed vulnerabilities in the Linux kernel; however, an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A race condition between chown() and…

8 May 2015

USN-2597-1: Linux kernel (Trusty HWE) vulnerability

A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

5 May 2015

USN-2596-1: Linux kernel vulnerability

A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

5 May 2015

USN-2595-1: ppp vulnerability

It was discovered that ppp incorrectly handled large PIDs. When pppd is used with a RADIUS server, a remote attacker could use this issue to cause it to crash, resulting in a denial of service.

5 May 2015

USN-2594-1: ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the ClamAV AppArmor profile.

5 May 2015

USN-2593-1: Dnsmasq vulnerability

Nick Sampanis discovered that Dnsmasq incorrectly handled certain malformed DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly obtain sensitive information.

4 May 2015

USN-2592-1: XML::LibXML vulnerability

Tilmann Haak discovered that XML::LibXML incorrectly handled the expand_entities parameter in certain situations. A remote attacker could possibly use this issue to access sensitive information.

4 May 2015

USN-2591-1: curl vulnerabilities

Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. (CVE-2015-3143) Hanno Böck discovered that curl incorrectly handled zero-length host names. If a user or automated system were tricked into using a specially crafted host name, an attacker could possibly use…

30 April 2015

USN-2587-1: Linux kernel (Trusty HWE) vulnerabilities

A stack overflow was discovered in the microcode loader for the Intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges. (CVE-2015-2666) It was discovered that the Linux kernel’s IPv6 networking stack has a flaw that allows using route…

30 April 2015

USN-2586-1: Linux kernel (OMAP4) vulnerability

It was discovered that the Linux kernel’s IPv6 networking stack has a flaw that allows using route advertisement (RA) messages to set the ‘hop_limit’ to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service (IPv6 messages dropped).

30 April 2015

USN-2585-1: Linux kernel vulnerability

It was discovered that the Linux kernel’s IPv6 networking stack has a flaw that allows using route advertisement (RA) messages to set the ‘hop_limit’ to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service (IPv6 messages dropped).

30 April 2015

USN-2580-1: tcpdump vulnerabilities

It was discovered that tcpdump incorrectly handled printing certain packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the tcpdump AppArmor profile.

27 April 2015

USN-2578-1: LibreOffice vulnerabilities

Alexander Cherepanov discovered that LibreOffice incorrectly handled certain RTF files. If a user were tricked into opening a specially crafted RTF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2014-9093) It was discovered that LibreOffice incorrectly handled certain HWP files. If a user…

27 April 2015

USN-2571-1: Firefox vulnerability

Robert Kaiser discovered a use-after-free during plugin initialization in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2706)

24 April 2015

USN-2576-1: usb-creator vulnerability

Tavis Ormandy discovered that usb-creator was missing an authentication check. A local attacker could use this issue to gain elevated privileges.

23 April 2015

USN-2575-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.43. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more…

21 April 2015

USN-2573-1: OpenJDK 6 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469) Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal…

21 April 2015

USN-2572-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled cleanup when used with Apache 2.4. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-3330) It was discovered that PHP incorrectly handled opening tar, zip or phar archives through the PHAR extension. A remote…

20 April 2015

USN-2568-1: libx11, libxrender vulnerability

Abhishek Arya discovered that libX11 incorrectly handled memory in the MakeBigReq macro. A remote attacker could use this issue to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code. In addition, following the macro fix in libx11, a number of other packages have also been rebuilt as security updates…

13 April 2015

USN-2567-1: NTP vulnerabilities

Miroslav Lichvar discovered that NTP incorrectly validated MAC fields. A remote attacker could possibly use this issue to bypass authentication and spoof packets. (CVE-2015-1798) Miroslav Lichvar discovered that NTP incorrectly handled certain invalid packets. A remote attacker could possibly use this issue to cause a denial of service….

13 April 2015

USN-2566-1: dpkg vulnerability

Jann Horn discovered that dpkg incorrectly validated signatures when extracting local source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could bypass signature verification checks.

9 April 2015

USN-2562-1: Linux kernel (Trusty HWE) vulnerabilities

Sun Baoliang discovered a use after free flaw in the Linux kernel’s SCTP (Stream Control Transmission Protocol) subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges on the system. (CVE-2015-1421) Marcelo Leitner discovered a flaw in the…

8 April 2015

USN-2561-1: Linux kernel (OMAP4) vulnerabilities

It was discovered that the Linux kernel’s Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges. (CVE-2014-8159) An integer overflow was discovered in the…

8 April 2015

USN-2560-1: Linux kernel vulnerabilities

An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. (CVE-2015-1593) An information leak was discovered in the Linux kernel’s handling of userspace configuration of the…

8 April 2015

USN-2559-1: Libtasn1 vulnerability

Hanno Böck discovered that Libtasn1 incorrectly handled certain ASN.1 data. A remote attacker could possibly exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code.

8 April 2015

USN-2558-1: Mailman vulnerability

It was discovered that Mailman incorrectly handled special characters in list names. A local attacker could use this issue to perform a path traversal attack and execute arbitrary code as the Mailman user.

7 April 2015

USN-2557-1: Firefox vulnerability

Muneaki Nishimura discovered a flaw in Mozilla’s HTTP Alternative Services implementation which meant SSL certificate verification could be bypassed in some circumstances. A remote attacker could potentially exploit this to conduct a man in the middle attack. (CVE-2015-0799)

7 April 2015

USN-2552-1: Thunderbird vulnerabilities

Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to bypass same-origin policy restrictions. (CVE-2015-0801) Christoph Kerschbaumer discovered that CORS requests…

2 April 2015

USN-2553-2: LibTIFF regression

USN-2553-1 fixed vulnerabilities in LibTIFF. One of the security fixes caused a regression when saving certain TIFF files with a Predictor tag. The problematic patch has been temporarily backed out until a more complete fix is available. We apologize for the inconvenience. Original advisory details: William Robinet discovered that LibTIFF…

1 April 2015

USN-2550-1: Firefox vulnerabilities

Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin policy restrictions. (CVE-2015-0801) Bobby Holley discovered that windows created to hold privileged UI…

1 April 2015

USN-2555-1: Libgcrypt vulnerabilities

Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. (CVE-2014-3591) Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side…

1 April 2015

USN-2554-1: GnuPG vulnerabilities

Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. (CVE-2014-3591) Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side…

1 April 2015

USN-2553-1: LibTIFF vulnerabilities

William Robinet discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2014-8127, CVE-2014-8128,…

31 March 2015

USN-2549-1: libarchive vulnerabilities

It was discovered that the libarchive bsdcpio utility extracted absolute paths by default without using the --insecure flag, contrary to expectations. If a user or automated system were tricked into extracting cpio archives containing absolute paths, a remote attacker may be able to write to arbitrary files. (CVE-2015-2304) Fabian Yamaguchi…

25 March 2015

USN-2548-1: Batik vulnerability

Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption.

25 March 2015

USN-2547-1: Mono vulnerabilities

It was discovered that the Mono TLS implementation was vulnerable to the SKIP-TLS vulnerability. A remote attacker could possibly use this issue to perform client impersonation attacks. (CVE-2015-2318) It was discovered that the Mono TLS implementation was vulnerable to the FREAK vulnerability. A remote attacker or a man in the middle…

24 March 2015

USN-2543-1: Linux kernel (Trusty HWE) vulnerabilities

Eric Windisch discovered a flaw in how the Linux kernel’s XFS file system replaces remote attributes. A local user with access to an XFS file system could exploit this flaw to escalate their privileges. (CVE-2015-0274) A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could…

24 March 2015

USN-2542-1: Linux kernel (OMAP4) vulnerabilities

The Linux kernel’s splice system call did not correctly validate its parameters. A local, unprivileged user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-7822) A flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local…

24 March 2015

USN-2541-1: Linux kernel vulnerabilities

The Linux kernel’s splice system call did not correctly validate its parameters. A local, unprivileged user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-7822) A flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local…

24 March 2015

USN-2540-1: GnuTLS vulnerabilities

It was discovered that GnuTLS did not perform date and time checks on CA certificates, contrary to expectations. This issue only affected Ubuntu 10.04 LTS. (CVE-2014-8155) Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly verified that signature algorithms matched. A remote attacker could possibly use this issue to downgrade to a…

23 March 2015

USN-2539-1: Django vulnerabilities

Andrey Babak discovered that Django incorrectly handled strip_tags. A remote attacker could possibly use this issue to cause Django to enter an infinite loop, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2316) Daniel Chatfield discovered that Django incorrectly handled…

23 March 2015

USN-2538-1: Firefox vulnerabilities

A flaw was discovered in the implementation of typed array bounds checking in the JavaScript just-in-time compilation. If a user were tricked into opening a specially crafted website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0817) Mariusz Mlynski discovered a flaw in the…

22 March 2015

USN-2537-1: OpenSSL vulnerabilities

It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2015-0209) Stephen Henson discovered that OpenSSL incorrectly handled comparing ASN.1 boolean types. A remote attacker could…

19 March 2015

USN-2536-1: libXfont vulnerabilities

Ilja van Sprundel, Alan Coopersmith, and William Robinet discovered that libXfont incorrectly handled malformed bdf fonts. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges.

18 March 2015

USN-2535-1: PHP vulnerabilities

Thomas Jarosch discovered that PHP incorrectly limited recursion in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to consume resources or crash, resulting in a denial of service. (CVE-2014-8117) S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding. A remote attacker could use…

18 March 2015

USN-2534-1: Libav vulnerabilities

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

17 March 2015

USN-2533-1: Sudo vulnerability

Jakub Wilk and Stephane Chazelas discovered that Sudo incorrectly handled the TZ environment variable. An attacker with Sudo access could possibly use this issue to open arbitrary files, bypassing intended permissions.

16 March 2015

USN-2527-1: Linux kernel (Trusty HWE) vulnerability

It was discovered that the Linux kernel’s Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges.

12 March 2015

USN-2526-1: Linux kernel vulnerability

It was discovered that the Linux kernel’s Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges.

12 March 2015

USN-2524-1: eCryptfs vulnerability

Sylvain Pelissier discovered that eCryptfs did not generate a random salt when encrypting the mount passphrase with the login password. An attacker could use this issue to discover the login password used to protect the mount passphrase and gain unintended access to the encrypted files.

11 March 2015

USN-2522-3: ICU vulnerabilities

USN-2522-1 fixed vulnerabilities in ICU. On Ubuntu 12.04 LTS, the font patches caused a regression when using LibreOffice Calc. The patches have now been updated to fix the regression. We apologize for the inconvenience. Original advisory details: It was discovered that ICU incorrectly handled memory operations when processing fonts. If an…

10 March 2015

USN-2523-1: Apache HTTP Server vulnerabilities

Martin Holst Swende discovered that the mod_headers module allowed HTTP trailers to replace HTTP headers during request processing. A remote attacker could possibly use this issue to bypass RequestHeaders directives. (CVE-2013-5704) Mark Montague discovered that the mod_cache module incorrectly handled empty HTTP Content-Type headers. A remote…

10 March 2015

USN-2505-2: Firefox regression

USN-2505-1 fixed vulnerabilities in Firefox. This update removed the deprecated “-remote” command-line switch that some older software still depends on. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Matthew Noorenberghe discovered that whitelisted Mozilla domains could make UITour API calls from…

9 March 2015

USN-2522-2: ICU regression

USN-2522-1 fixed vulnerabilities in ICU. On Ubuntu 12.04 LTS, the font patches caused a regression when using LibreOffice Calc. The patches have been temporarily backed out until the regression is investigated. We apologize for the inconvenience. Original advisory details: It was discovered that ICU incorrectly handled memory operations when…

6 March 2015

USN-2522-1: ICU vulnerabilities

It was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-1569, CVE-2013-2383,…

5 March 2015

USN-2515-2: Linux kernel (Trusty HWE) vulnerabilities regression

USN-2515-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw was discovered in the Kernel Virtual Machine’s (KVM) emulation of the SYSENTER…

4 March 2015

USN-2506-1: Thunderbird vulnerabilities

Armin Razmdjou discovered that contents of locally readable files could be made available via manipulation of form autocomplete in some circumstances. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-0822) Abhishek Arya…

3 March 2015

USN-2520-1: CUPS vulnerability

Peter De Wachter discovered that CUPS incorrectly handled certain malformed compressed raster files. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.

26 February 2015

USN-2519-1: GNU C Library vulnerabilities

Arnaud Le Blanc discovered that the GNU C Library incorrectly handled file descriptors when resolving DNS queries under high load. This may cause a denial of service in other applications, or an information leak. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2013-7423) It was discovered that the GNU C…

26 February 2015

USN-2515-1: Linux kernel (Trusty HWE) vulnerabilities

A flaw was discovered in the Kernel Virtual Machine’s (KVM) emulation of the SYSENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) Andy Lutomirski discovered an…

26 February 2015

USN-2514-1: Linux kernel (OMAP4) vulnerabilities

A flaw was discovered in the Kernel Virtual Machine’s (KVM) emulation of the SYSENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) A flaw was discovered in the…

26 February 2015

USN-2513-1: Linux kernel vulnerabilities

A flaw was discovered in the Kernel Virtual Machine’s (KVM) emulation of the SYSENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) A flaw was discovered in the…

26 February 2015

USN-2505-1: Firefox vulnerabilities

Matthew Noorenberghe discovered that whitelisted Mozilla domains could make UITour API calls from background tabs. If one of these domains were compromised and open in a background tab, an attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2015-0819) Jan de Mooij discovered an issue that affects content using the…

25 February 2015

USN-2510-1: FreeType vulnerabilities

Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.

24 February 2015

USN-2509-1: ca-certificates update

The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20141019 package.

23 February 2015

USN-2508-1: Samba vulnerability

Richard van Eeden discovered that the Samba smbd file services incorrectly handled memory. A remote attacker could use this issue to possibly execute arbitrary code with root privileges.

23 February 2015

USN-2507-1: e2fsprogs vulnerabilities

Jose Duart discovered that e2fsprogs incorrectly handled invalid block group descriptor data. A local attacker could use this issue with a crafted filesystem image to possibly execute arbitrary code. (CVE-2015-0247, CVE-2015-1572)

23 February 2015

USN-2504-1: NSS update

The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.17.4 which includes the latest CA certificate bundle.

19 February 2015

USN-2503-1: Bind vulnerability

Jan-Piet Mens discovered that Bind incorrectly handled Trust Anchor Management. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service.

18 February 2015

USN-2502-1: unzip vulnerabilities

William Robinet discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code.

17 February 2015

USN-2501-1: PHP vulnerabilities

Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8142, CVE-2015-0231) Brian Carpenter discovered that the PHP CGI component incorrectly handled invalid files. A local attacker…

17 February 2015

USN-2500-1: X.Org X server vulnerabilities

Olivier Fourdan discovered that the X.Org X server incorrectly handled XkbSetGeometry requests resulting in an information leak. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly obtain sensitive information. (CVE-2015-0255) It was discovered that the X.Org X server incorrectly handled…

17 February 2015

USN-2499-1: PostgreSQL vulnerabilities

Stephen Frost discovered that PostgreSQL incorrectly displayed certain values in error messages. An authenticated user could see certain values, contrary to expected permissions. (CVE-2014-8161) Andres Freund, Peter Geoghegan and Noah Misch discovered that PostgreSQL incorrectly handled buffers in to_char functions. An…

11 February 2015

USN-2498-1: Kerberos vulnerabilities

It was discovered that Kerberos incorrectly sent old keys in response to a -randkey -keepold request. An authenticated remote attacker could use this issue to forge tickets by leveraging administrative access. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5351) It was discovered that the…

10 February 2015

USN-2496-1: GNU binutils vulnerabilities

Michal Zalewski discovered that the setup_group function in libbfd in GNU binutils did not properly check group headers in ELF files. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8485) Hanno Böck discovered that the _bfd_XXi_swap_aouthdr_in…

9 February 2015

USN-2497-1: NTP vulnerabilities

Stephen Roettger, Sebastian Krahmer, and Harlan Stenn discovered that NTP incorrectly handled the length value in extension fields. A remote attacker could use this issue to possibly obtain leaked information, or cause the NTP daemon to crash, resulting in a denial of service. (CVE-2014-9297) Stephen Roettger discovered that NTP incorrectly…

9 February 2015

USN-2469-2: Django regression

USN-2469-1 fixed vulnerabilities in Django. The security fix for CVE-2015-0221 introduced a regression on Ubuntu 10.04 LTS and Ubuntu 12.04 LTS when serving static content through GZipMiddleware. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jedediah Smith discovered that Django incorrectly…

4 February 2015

USN-2494-1: file vulnerabilities

Francisco Alonso discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to crash, resulting in a denial of service. (CVE-2014-3710) Thomas Jarosch discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to hang or crash, resulting in a denial of…

4 February 2015

USN-2493-1: Linux kernel (OMAP4) vulnerabilities

Andy Lutomirski discovered an information leak in the Linux kernel’s Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information…

4 February 2015

USN-2492-1: Linux kernel vulnerabilities

Andy Lutomirski discovered an information leak in the Linux kernel’s Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information…

4 February 2015

USN-2489-1: unzip vulnerability

Michal Zalewski discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code.

3 February 2015

USN-2488-1: ClamAV vulnerability

Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled certain upack packer files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.

2 February 2015

USN-2486-1: OpenJDK 6 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-3566, CVE-2014-6587, CVE-2014-6601, CVE-2015-0395, CVE-2015-0408, CVE-2015-0412) Several vulnerabilities…

27 January 2015

USN-2485-1: GNU C Library vulnerability

It was discovered that a buffer overflow existed in the gethostbyname and gethostbyname2 functions in the GNU C Library. An attacker could use this issue to execute arbitrary code or cause an application crash, resulting in a denial of service.

27 January 2015

USN-2458-3: Firefox regression

USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a regression which could make websites that use CSP fail to load under some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron…

27 January 2015

USN-2483-1: JasPer vulnerabilities

Jose Duart discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2014-8137) Jose Duart discovered that JasPer incorrectly…

26 January 2015

USN-2482-1: elfutils vulnerability

Alexander Cherepanov discovered that libelf1 incorrectly handled certain filesystem paths while extracting ar archives. An attacker could use this flaw to perform a directory traversal attack on the root directory if the process extracting the ar archive has write access to the root directory.

23 January 2015

USN-2480-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.41. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more…

22 January 2015

USN-2460-1: Thunderbird vulnerabilities

Christian Holler and Patrick McManus discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user…

19 January 2015

USN-2479-1: RPM vulnerabilities

Florian Weimer discovered that RPM incorrectly handled temporary files. A local attacker could use this issue to execute arbitrary code. (CVE-2013-6435) Florian Weimer discovered that RPM incorrectly handled certain CPIO headers. If a user or automated system were tricked into installing a malicious package file, a remote attacker could use this…

19 January 2015

USN-2478-1: libssh vulnerability

It was discovered that libssh incorrectly handled certain kexinit packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service.

19 January 2015

USN-2477-1: libevent vulnerability

Andrew Bartlett discovered that libevent incorrectly handled large inputs to the evbuffer API. A remote attacker could possibly use this issue with an application that uses libevent to cause a denial of service, or possibly execute arbitrary code.

19 January 2015

USN-2474-1: curl vulnerability

Andrey Labunets discovered that curl incorrectly handled certain URLs when using a proxy server. If a user or automated system were tricked into using a specially crafted URL, an attacker could possibly use this issue to inject arbitrary HTTP requests.

15 January 2015

USN-2473-1: coreutils vulnerabilities

It was discovered that the distcheck rule in dist-check.mk in GNU coreutils allows local users to gain privileges via a symlink attack on a directory tree under /tmp. This issue only affected Ubuntu 10.04 LTS. (CVE-2009-4135) Bertrand Jacquin and Fiedler Roman discovered date and touch incorrectly handled user-supplied input. An attacker could…

14 January 2015

USN-2458-2: Ubufox update

USN-2458-1 fixed vulnerabilities in Firefox. This update provides the corresponding version of Ubufox. Original advisory details: Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked into…

14 January 2015

USN-2458-1: Firefox vulnerabilities

Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or…

14 January 2015

USN-2472-1: unzip vulnerabilities

Wolfgang Ettlinger discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code.

14 January 2015

USN-2471-1: GParted vulnerability

Wolfgang Ettlinger discovered that GParted incorrectly filtered shell metacharacters when running external commands. A local attacker could use this issue with a crafted filesystem label to run arbitrary commands as the administrator.

14 January 2015

USN-2470-1: Git vulnerability

Matt Mackall and Augie Fackler discovered that Git incorrectly handled certain filesystem paths. A remote attacker could possibly use this issue to execute arbitrary code if the Git tree is stored in an HFS+ or NTFS filesystem. The remote attacker would need write access to a Git repository that the victim pulls from.

14 January 2015

USN-2469-1: Django vulnerabilities

Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments. (CVE-2015-0219) Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker could possibly use this issue to perform…

13 January 2015

USN-2465-1: Linux kernel (Trusty HWE) vulnerabilities

A null pointer dereference flaw was discovered in the Linux kernel’s SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841) A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the…

13 January 2015

USN-2464-1: Linux kernel (OMAP4) vulnerabilities

Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. (CVE-2014-9322) An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel…

13 January 2015

USN-2463-1: Linux kernel vulnerabilities

A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. (CVE-2014-7842) The KVM (kernel virtual machine) subsystem of the Linux kernel miscalculates…

13 January 2015

USN-2461-2: libyaml-libyaml-perl vulnerability

Stanisław Pitucha and Jonathan Gray discovered that libyaml-libyaml-perl did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.

12 January 2015

USN-2461-1: LibYAML vulnerability

Stanisław Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.

12 January 2015

USN-2461-3: PyYAML vulnerability

Stanisław Pitucha and Jonathan Gray discovered that PyYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.

12 January 2015

USN-2459-1: OpenSSL vulnerabilities

Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. (CVE-2014-3570) Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted DTLS messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-3571) Karthikeyan Bhargavan discovered that OpenSSL…

12 January 2015

USN-2456-1: GNU cpio vulnerabilities

Michal Zalewski discovered an out of bounds write issue in the process_copy_in function of GNU cpio. An attacker could specially craft a cpio archive that could create a denial of service or possibly execute arbitrary code. (CVE-2014-9112) Jakob Lell discovered a heap-based buffer overflow in the rmt_read__ function of GNU cpio’s rmt client…

8 January 2015

USN-2455-1: bsd-mailx vulnerability

It was discovered that bsd-mailx contained a feature that allowed syntactically valid email addresses to be treated as shell commands. A remote attacker could possibly use this issue with a valid email address to execute arbitrary commands. This functionality has now been disabled by default, and can be re-enabled with the “expandaddr”…

7 January 2015

USN-2453-1: mime-support vulnerability

Timothy D. Morgan discovered that the run-mailcap tool incorrectly filtered certain shell metacharacters in filenames. If a user or automated system were tricked into opening a file with a specially-crafted filename, a remote attacker could possibly execute arbitrary code.

7 January 2015

USN-2452-1: NSS vulnerability

It was discovered that NSS incorrectly handled certain ASN.1 lengths. A remote attacker could possibly use this issue to perform a data-smuggling attack.

7 January 2015

USN-2449-1: NTP vulnerabilities

Neel Mehta discovered that NTP generated weak authentication keys. A remote attacker could possibly use this issue to brute force the authentication key and send requests if permitted by IP restrictions. (CVE-2014-9293) Stephen Roettger discovered that NTP generated weak MD5 keys. A remote attacker could possibly use this issue to brute force the…

22 December 2014

USN-2445-1: Linux kernel (Trusty HWE) vulnerabilities

Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. (CVE-2014-9322) An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel…

12 December 2014

USN-2444-1: Linux kernel (OMAP4) vulnerabilities

Rabin Vincent, Robert Swiecki, and Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2014-7826) Rabin Vincent, Robert Swiecki, and Russell King discovered a flaw in how the perf subsystem of the Linux…

12 December 2014

USN-2443-1: Linux kernel vulnerabilities

Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. (CVE-2014-9322) An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel…

12 December 2014

USN-2440-1: Mutt vulnerability

Jakub Wilk discovered that the write_one_header function in mutt did not properly handle newline characters at the beginning of a header. An attacker could specially craft an email to cause mutt to crash, resulting in a denial of service.

11 December 2014

USN-2439-1: QEMU vulnerabilities

Michael S. Tsirkin discovered that QEMU incorrectly handled certain parameters during ram load while performing a migration. An attacker able to manipulate savevm data could use this issue to possibly execute arbitrary code on the host. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 14.10. (CVE-2014-7840) Paolo Bonzini…

11 December 2014

USN-2438-1: NVIDIA graphics drivers vulnerabilities

It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation.

10 December 2014

USN-2436-2: X.Org X server vulnerabilities

USN-2436-1 fixed vulnerabilities in the X.Org X server. Since publication, additional fixes have been made available for these issues. This update adds the additional fixes. Original advisory details: Ilja van Sprundel discovered a multitude of security issues in the X.Org X server. An attacker able to connect to an X server, either locally…

10 December 2014

USN-2437-1: Bind vulnerability

Florian Maury discovered that Bind incorrectly handled delegation. A remote attacker could possibly use this issue to cause Bind to consume resources and crash, resulting in a denial of service.

9 December 2014

USN-2436-1: X.Org X server vulnerabilities

Ilja van Sprundel discovered a multitude of security issues in the X.Org X server. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation.

9 December 2014

USN-2435-1: Graphviz vulnerability

It was discovered that graphviz incorrectly handled parsing errors. An attacker could use this issue to cause graphviz to crash or possibly execute arbitrary code.

9 December 2014

USN-2434-1: JasPer vulnerability

Jose Duart discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges.

8 December 2014

USN-2431-2: MAAS regression

USN-2431-1 fixed vulnerabilities in mod_wsgi. The security update exposed an issue in the MAAS package, causing a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A…

4 December 2014

USN-2433-1: tcpdump vulnerabilities

Steffen Bauch discovered that tcpdump incorrectly handled printing OLSR packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8767) Steffen Bauch discovered that tcpdump incorrectly handled printing GeoNet packets. A remote attacker could use this…

4 December 2014

USN-2432-1: GNU C Library vulnerabilities

Siddhesh Poyarekar discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could possibly use this issue to cause applications to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2012-6656) Adhemerval Zanella Netto…

3 December 2014

USN-2428-1: Thunderbird vulnerabilities

Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, and Max Jonas Werner discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code…

3 December 2014

USN-2431-1: mod_wsgi vulnerability

It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode.

3 December 2014

USN-2424-1: Firefox vulnerabilities

Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, Max Jonas Werner, Christian Holler, Jon Coppeard, Eric Rahm, Byron Campen, Eric Rescorla, and Xidorn Quan discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of…

2 December 2014

USN-2430-1: OpenVPN vulnerability

Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service.

2 December 2014

USN-2429-1: ppp vulnerability

It was discovered that ppp incorrectly handled certain options files. A local attacker could possibly use this issue to escalate privileges.

1 December 2014

USN-2427-1: Libksba vulnerability

Hanno Böck discovered that Libksba incorrectly handled certain S/MIME messages or ECC based OpenPGP data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code.

27 November 2014

USN-2426-1: FLAC vulnerabilities

Michele Spagnuolo discovered that FLAC incorrectly handled certain malformed audio files. An attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code.

27 November 2014

USN-2425-1: DBus vulnerability

It was discovered that DBus incorrectly handled a large number of file descriptor messages. A local attacker could use this issue to cause DBus to stop responding, resulting in a denial of service. (CVE-2014-7824)

27 November 2014

USN-2423-1: ClamAV vulnerabilities

Kurt Seifried discovered that ClamAV incorrectly handled certain JavaScript files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-6497) Damien Millescamp discovered that ClamAV incorrectly handled certain PE files. An attacker could possibly use…

26 November 2014

USN-2419-1: Linux kernel (Trusty HWE) vulnerabilities

A flaw was discovered in how the Linux kernel’s KVM (Kernel Virtual Machine) subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service (kill arbitrary processes, or system disruption) by leveraging /dev/kvm access. (CVE-2014-3690) Don Bailey discovered a flaw in…

25 November 2014

USN-2418-1: Linux kernel (OMAP4) vulnerabilities

Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (CVE-2014-3647) A flaw was discovered with the handling of the…

25 November 2014

USN-2417-1: Linux kernel vulnerabilities

Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (CVE-2014-3647) A flaw was discovered with the handling of the…

25 November 2014

USN-2414-1: KDE-Runtime vulnerability

Tim Brown and Darron Burton discovered that KDE-Runtime incorrectly handled input validation. An attacker could possibly use this issue to execute arbitrary JavaScript.

24 November 2014

USN-2412-1: Ruby vulnerability

Tomas Hoger discovered that Ruby incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of resources, resulting in a denial of service.

20 November 2014

USN-2409-1: QEMU vulnerabilities

Laszlo Ersek discovered that QEMU incorrectly handled memory in the vga device. A malicious guest could possibly use this issue to read arbitrary host memory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-3615) Xavier Mehrenberger and Stephane Duverger discovered that QEMU incorrectly handled certain udp packets when using…

13 November 2014

USN-2402-1: KDE workspace vulnerability

David Edmundson discovered that the KDE Clock KCM policykit helper did not properly guard against untrusted input. Under certain circumstances, a process running under the user’s session could exploit this to run programs as the administrator.

11 November 2014

USN-2401-1: Konversation vulnerability

Manuel Nickschas discovered that Konversation did not properly perform input sanitization when using Blowfish ECB encryption. A remote attacker could exploit this to cause a denial of service.

10 November 2014

USN-2400-1: LibreOffice vulnerability

It was discovered that LibreOffice incorrectly handled OLE preview generation. If a user were tricked into opening a crafted document, an attacker could possibly exploit this to embed arbitrary data into documents.

10 November 2014

USN-2399-1: curl vulnerability

Symeon Paraschoudis discovered that curl incorrectly handled memory when being used with CURLOPT_COPYPOSTFIELDS and curl_easy_duphandle(). This may result in sensitive data being incorrectly sent to the remote server.

10 November 2014

USN-2397-1: Ruby vulnerabilities

Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2014-4975) Willis…

4 November 2014

USN-2394-1: Linux kernel (Trusty HWE) vulnerabilities

Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (CVE-2014-3647) A flaw was discovered with the handling of the…

30 October 2014

USN-2393-1: Wget vulnerability

HD Moore discovered that Wget contained a path traversal vulnerability when downloading symlinks using FTP. A malicious remote FTP server or a man in the middle could use this issue to cause Wget to overwrite arbitrary files, possibly leading to arbitrary code execution.

30 October 2014

USN-2391-1: php5 vulnerabilities

Symeon Paraschoudis discovered that PHP incorrectly handled the mkgmtime function. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-3668) Symeon Paraschoudis discovered that PHP incorrectly handled unserializing objects. A remote attacker could possibly use this issue to cause PHP…

30 October 2014

USN-2390-1: Pidgin vulnerabilities

Jacob Appelbaum and an anonymous person discovered that Pidgin incorrectly handled certificate validation. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2014-3694) Yves Younan and Richard Johnson discovered that Pidgin incorrectly handled certain…

28 October 2014

USN-2389-1: libxml2 vulnerability

It was discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service.

27 October 2014

USN-2386-1: OpenJDK 6 vulnerabilities

A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-6457) Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-6502, CVE-2014-6512, CVE-2014-6519,…

17 October 2014

USN-2385-1: OpenSSL vulnerabilities

It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3513) It was discovered that OpenSSL incorrectly handled…

16 October 2014

USN-2384-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.40. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more…

15 October 2014

USN-2373-1: Thunderbird vulnerabilities

Bobby Holley, Christian Holler, David Bolter, Byron Campen and Jon Coppeard discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with…

15 October 2014

USN-2383-1: wpa_supplicant vulnerability

Jouni Malinen discovered that the wpa_cli tool incorrectly sanitized strings when being used with action scripts. A remote attacker could possibly use this issue to execute arbitrary commands.

14 October 2014

USN-2372-1: Firefox vulnerabilities

Bobby Holley, Christian Holler, David Bolter, Byron Campen, Jon Coppeard, Carsten Book, Martijn Wargers, Shih-Chiang Chien, Terrence Cole and Jeff Walden discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via…

14 October 2014

USN-2381-1: Rsyslog vulnerabilities

It was discovered that Rsyslog incorrectly handled invalid PRI values. An attacker could use this issue to send malformed messages to the Rsyslog server and cause it to stop responding, resulting in a denial of service and possibly message loss. (CVE-2014-3634, CVE-2014-3683)

9 October 2014

USN-2380-1: Bash vulnerabilities

Michal Zalewski discovered that Bash incorrectly handled parsing certain function definitions. If an attacker were able to create an environment variable containing a function definition with a very specific name, these issues could possibly be used to bypass certain environment restrictions and execute arbitrary code. (CVE-2014-6277,…

9 October 2014

USN-2378-1: Linux kernel (Trusty HWE) vulnerabilities

Steven Vittitoe reported multiple stack buffer overflows in Linux kernel’s magicmouse HID driver. A physically proximate attacker could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code via specially crafted devices. (CVE-2014-3181) Ben Hawkes reported some off by one errors for report descriptors in…

9 October 2014

USN-2377-1: Linux kernel (OMAP4) vulnerabilities

Steven Vittitoe reported multiple stack buffer overflows in Linux kernel’s magicmouse HID driver. A physically proximate attacker could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code via specially crafted devices. (CVE-2014-3181) A bounds check error was discovered in the driver for the Logitech…

9 October 2014

USN-2376-1: Linux kernel vulnerabilities

Steven Vittitoe reported multiple stack buffer overflows in Linux kernel’s magicmouse HID driver. A physically proximate attacker could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code via specially crafted devices. (CVE-2014-3181) A bounds check error was discovered in the driver for the Logitech…

9 October 2014

USN-2371-1: Exuberant Ctags vulnerability

It was discovered that Exuberant Ctags incorrectly handled certain minified js files. An attacker could use this issue to possibly cause Exuberant Ctags to consume resources, resulting in a denial of service.

8 October 2014

USN-2370-1: APT vulnerability

Guillem Jover discovered that APT incorrectly created a temporary file when handling the changelog command. A local attacker could use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the kernel link restrictions.

8 October 2014

USN-2369-1: file vulnerability

It was discovered that file incorrectly handled certain CDF documents. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service.

3 October 2014

USN-2368-1: OpenVPN vulnerability

It was discovered that OpenVPN incorrectly handled HMAC comparisons when running in UDP mode. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could possibly be used to perform a plaintext recovery attack.

2 October 2014

USN-2367-1: OpenSSL update

For compatibility reasons, OpenSSL in Ubuntu 12.04 LTS disables TLSv1.2 by default when being used as a client. When forcing the use of TLSv1.2, another compatibility feature (OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) was used that would truncate the cipher list. This would prevent certain ciphers from being selected, and would prevent secure…

2 October 2014

USN-2366-1: libvirt vulnerabilities

Daniel P. Berrange and Richard Jones discovered that libvirt incorrectly handled XML documents containing XML external entity declarations. An attacker could use this issue to cause libvirtd to crash, resulting in a denial of service on all affected releases, or possibly read arbitrary files if fine grained access control was enabled on Ubuntu…

30 September 2014

USN-2365-1: LibVNCServer vulnerabilities

Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when being advertised large screen sizes by the server. If a user were tricked into connecting to a malicious server, an attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2014-6051, CVE-2014-6052) Nicolas Ruff discovered that…

29 September 2014

USN-2364-1: Bash vulnerabilities

Florian Weimer and Todd Sabin discovered that the Bash parser incorrectly handled memory. An attacker could possibly use this issue to bypass certain environment restrictions and execute arbitrary code. (CVE-2014-7186, CVE-2014-7187) In addition, this update introduces a hardening measure which adds prefixes and suffixes around environment…

27 September 2014

USN-2363-1: Bash vulnerability

Tavis Ormandy discovered that the security fix for Bash included in USN-2362-1 was incomplete. An attacker could use this issue to bypass certain environment restrictions. (CVE-2014-7169)

25 September 2014

USN-2360-2: Thunderbird vulnerabilities

USN-2360-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Original advisory details: Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates.

24 September 2014

USN-2360-1: Firefox vulnerabilities

Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates.

24 September 2014

USN-2361-1: NSS vulnerability

Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates.

24 September 2014

USN-2362-1: Bash vulnerability

Stephane Chazelas discovered that Bash incorrectly handled trailing code in function definitions. An attacker could use this issue to bypass environment restrictions, such as SSH forced command environments.

24 September 2014

USN-2358-1: Linux kernel (Trusty HWE) vulnerabilities

Jack Morgenstein reported a flaw in the page handling of the KVM (Kernel Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. (CVE-2014-3601) Jason Gunthorpe reported a flaw with SCTP authentication…

23 September 2014

USN-2357-1: Linux kernel (OMAP4) vulnerabilities

Jack Morgenstein reported a flaw in the page handling of the KVM (Kernel Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. (CVE-2014-3601) Chris Evans reported a flaw in the Linux kernel’s…

23 September 2014

USN-2356-1: Linux kernel vulnerabilities

Jack Morgenstein reported a flaw in the page handling of the KVM (Kernel Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. (CVE-2014-3601) Chris Evans reported a flaw in the Linux kernel’s…

23 September 2014

USN-2353-1: APT vulnerability

It was discovered that APT incorrectly handled certain http URLs. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to cause APT to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a…

23 September 2014

USN-2352-1: DBus vulnerabilities

Simon McVittie discovered that DBus incorrectly handled the file descriptors message limit. A local attacker could use this issue to cause DBus to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3635) Alban Crequy discovered that DBus…

22 September 2014

USN-2350-1: NSS update

The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.17 which includes the latest CA certificate bundle.

22 September 2014

USN-2349-1: Libav vulnerabilities

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

17 September 2014

USN-2348-1: APT vulnerabilities

It was discovered that APT did not re-verify downloaded files when the If-Modified-Since wasn’t met. (CVE-2014-0487) It was discovered that APT did not invalidate repository data when it switched from an unauthenticated to an authenticated state. (CVE-2014-0488) It was discovered that the APT Acquire::GzipIndexes option caused APT to skip…

16 September 2014

USN-2347-1: Django vulnerabilities

Florian Apolloner discovered that Django incorrectly validated URLs. A remote attacker could use this issue to conduct phishing attacks. (CVE-2014-0480) David Wilson discovered that Django incorrectly handled file name generation. A remote attacker could use this issue to cause Django to consume resources, resulting in a denial of service….

16 September 2014

USN-2346-1: curl vulnerabilities

Tim Ruehsen discovered that curl incorrectly handled partial literal IP addresses. This could lead to the disclosure of cookies to the wrong site, and malicious sites being able to set cookies for others. (CVE-2014-3613) Tim Ruehsen discovered that curl incorrectly allowed cookies to be set for Top Level Domains (TLDs). This could allow a…

15 September 2014

USN-2330-1: Thunderbird vulnerabilities

Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman and JW Wang discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or…

11 September 2014

USN-2344-1: PHP vulnerabilities

It was discovered that the Fileinfo component in php5 contains an integer overflow. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code via a crafted CDF file. (CVE-2014-3587) It was discovered that the php_parserr function contains multiple buffer overflows. An attacker could use this flaw to cause a…

10 September 2014

USN-2343-1: NSS vulnerability

Tyson Smith and Jesse Schwartzentruber discovered that NSS contained a race condition when performing certificate validation. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.

9 September 2014

USN-2342-1: QEMU vulnerabilities

Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple issues with QEMU state loading after migration. An attacker able to modify the state data could use these issues to cause a denial of service, or possibly execute arbitrary code. (CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4526, CVE-2013-4527,…

8 September 2014

USN-2341-1: CUPS vulnerabilities

Salvatore Bonaccorso discovered that the CUPS web interface incorrectly validated permissions and incorrectly handled symlinks. An attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.

8 September 2014

USN-2340-1: procmail vulnerability

Tavis Ormandy discovered that the formail tool incorrectly handled certain malformed mail headers. An attacker could use this flaw to cause formail to crash, resulting in a denial of service, or possibly execute arbitrary code.

4 September 2014

USN-2339-2: Libgcrypt vulnerability

Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an adaptive chosen ciphertext attack via physical side channels. A local attacker could use this attack to possibly recover private keys.

3 September 2014

USN-2339-1: GnuPG vulnerability

Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an adaptive chosen ciphertext attack via physical side channels. A local attacker could use this attack to possibly recover private keys.

3 September 2014

USN-2338-1: Lua vulnerability

It was discovered that Lua incorrectly handled certain vararg functions with a large number of fixed parameters. An attacker could use this issue to cause Lua applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

3 September 2014

USN-2329-1: Firefox vulnerabilities

Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman, JW Wang and David Weir discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary…

2 September 2014

USN-2336-1: Linux kernel (Trusty HWE) vulnerabilities

A flaw was discovered in the Linux kernel virtual machine’s (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). (CVE-2014-0155) Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket is passed to a process of more privilege….

2 September 2014

USN-2335-1: Linux kernel (OMAP4) vulnerabilities

A flaw was discovered in the Linux kernel’s audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). (CVE-2014-3917) An information leak was discovered in the rd_mcp backend of the iSCSI target subsystem in…

2 September 2014

USN-2334-1: Linux kernel vulnerabilities

A flaw was discovered in the Linux kernel’s audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). (CVE-2014-3917) An information leak was discovered in the rd_mcp backend of the iSCSI target subsystem in…

2 September 2014

USN-2328-1: GNU C Library vulnerability

Tavis Ormandy and John Haxby discovered that the GNU C Library contained an off-by-one error when performing transliteration module loading. A local attacker could exploit this to gain administrative privileges. (CVE-2014-5119) USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS and Ubuntu 12.04 LTS the security update for…

29 August 2014

USN-2327-1: Squid 3 vulnerability

Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service.

28 August 2014

USN-2317-1: Linux kernel (Trusty HWE) vulnerabilities

Eric W. Biederman discovered a flaw with the mediation of mount flags in the Linux kernel’s user namespace subsystem. An unprivileged user could exploit this flaw to bypass mount restrictions, and potentially gain administrative privileges. (CVE-2014-5207) Kenton Varda discovered a flaw with read-only bind mounts when used with user namespaces….

18 August 2014

USN-2316-1: Subversion vulnerabilities

Lieven Govaerts discovered that the Subversion mod_dav_svn module incorrectly handled certain request methods when SVNListParentPath was enabled. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2014-0032) Ben Reser discovered that Subversion did…

14 August 2014

USN-2315-1: serf vulnerability

Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

14 August 2014

USN-2313-1: Linux kernel (Trusty HWE) vulnerability

A flaw was discovered in the Linux kernel’s audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS).

13 August 2014

USN-2312-1: OpenJDK 6 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-2490, CVE-2014-4216, CVE-2014-4219, CVE-2014-4262) Several vulnerabilities were discovered in the OpenJDK…

12 August 2014

USN-2310-1: Kerberos vulnerabilities

It was discovered that Kerberos incorrectly handled certain crafted Draft 9 requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1016) It was discovered that Kerberos incorrectly handled certain malformed KRB5_PADATA_PK_AS_REQ AS-REQ…

11 August 2014

USN-2309-1: Libav vulnerabilities

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

11 August 2014

USN-2308-1: OpenSSL vulnerabilities

Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-3505) Adam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS handshake messages. A remote attacker could use…

7 August 2014

USN-2307-1: GPGME vulnerability

Tomáš Trnka discovered that GPGME incorrectly handled certain certificate line lengths. An attacker could use this issue to cause applications using GPGME to crash, resulting in a denial of service, or possibly execute arbitrary code.

6 August 2014

USN-2306-1: GNU C Library vulnerabilities

Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS. (CVE-2013-4357) It was discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this…

4 August 2014

USN-2304-1: KDE-Libs vulnerability

It was discovered that kauth was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

31 July 2014

USN-2302-1: Tomcat vulnerabilities

David Jorm discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to consume resources, resulting in a denial of service. (CVE-2014-0075) It was discovered that Tomcat did not properly restrict XSLT stylesheets. An attacker could use…

30 July 2014

USN-2301-1: Jinja2 vulnerabilities

It was discovered that Jinja2 incorrectly handled temporary cache files and directories. A local attacker could use this issue to possibly gain privileges.

24 July 2014

USN-2300-1: LZO vulnerability

Don A. Bailey discovered that LZO incorrectly handled certain input data. An attacker could use this issue to cause LZO to crash, resulting in a denial of service, or possibly execute arbitrary code.

24 July 2014

USN-2299-1: Apache HTTP Server vulnerabilities

Marek Kroemeke discovered that the mod_proxy module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0117) Giancarlo Pellegrino and Davide Balzarotti discovered that the mod_deflate module…

23 July 2014

USN-2296-1: Thunderbird vulnerabilities

Christian Holler, David Keeler and Byron Campen discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user…

22 July 2014

USN-2295-1: Firefox vulnerabilities

Christian Holler, David Keeler, Byron Campen, Gary Kwong, Jesse Ruderman, Andrew McCreight, Alon Zakai, Bobby Holley, Jonathan Watt, Shu-yu Guo, Steve Fink, Terrence Cole, Gijs Kruitbosch and Cătălin Badea discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could…

22 July 2014

USN-2297-1: acpi-support vulnerability

CESG discovered that acpi-support incorrectly handled certain privileged operations when checking for power management daemons. A local attacker could use this flaw to execute arbitrary code and elevate privileges to root.

22 July 2014

USN-2294-1: Libtasn1 vulnerabilities

It was discovered that Libtasn1 incorrectly handled certain ASN.1 data structures. An attacker could exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service. (CVE-2014-3467) It was discovered that Libtasn1 incorrectly handled negative bit lengths. An attacker could exploit…

22 July 2014

USN-2293-1: CUPS vulnerability

Francisco Alonso discovered that the CUPS web interface incorrectly validated permissions on rss files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.

21 July 2014

USN-2291-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.38. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more…

17 July 2014

USN-2288-1: Linux kernel (Trusty HWE) vulnerabilities

Sasha Levin reported a flaw in the Linux kernel’s point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) Salva Peiró discovered an information leak in the Linux kernel’s media-device driver. A local attacker could exploit this…

17 July 2014

USN-2287-1: Linux kernel (Saucy HWE) vulnerabilities

Sasha Levin reported a flaw in the Linux kernel’s point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) Michael S. Tsirkin discovered an information leak in the Linux kernel’s segmentation of skbs when using the zerocopy feature…

17 July 2014

USN-2286-1: Linux kernel (Raring HWE) vulnerabilities

Sasha Levin reported a flaw in the Linux kernel’s point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) Michael S. Tsirkin discovered an information leak in the Linux kernel’s segmentation of skbs when using the zerocopy feature…

17 July 2014

USN-2285-1: Linux kernel (Quantal HWE) vulnerabilities

Sasha Levin reported a flaw in the Linux kernel’s point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) Michael S. Tsirkin discovered an information leak in the Linux kernel’s segmentation of skbs when using the zerocopy feature…

17 July 2014

USN-2284-1: Linux kernel (OMAP4) vulnerabilities

Sasha Levin reported a flaw in the Linux kernel’s point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) Andy Lutomirski discovered a flaw with the Linux kernel’s ptrace syscall on x86_64 processors. An attacker could exploit…

16 July 2014

USN-2283-1: Linux kernel vulnerabilities

Sasha Levin reported a flaw in the Linux kernel’s point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) Michael S. Tsirkin discovered an information leak in the Linux kernel’s segmentation of skbs when using the zerocopy…

16 July 2014

USN-2280-1: MiniUPnPc vulnerability

It was discovered that MiniUPnPc incorrectly handled certain buffer lengths. A remote attacker could possibly use this issue to cause applications using MiniUPnPc to crash, resulting in a denial of service.

16 July 2014

USN-2279-1: Transmission vulnerability

Ben Hawkes discovered that Transmission incorrectly handled certain peer messages. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

16 July 2014

USN-2278-1: file vulnerabilities

Mike Frysinger discovered that the file awk script detector used multiple wildcards with unlimited repetitions. An attacker could use this issue to cause file to consume resources, resulting in a denial of service. (CVE-2013-7345) Francisco Alonso discovered that file incorrectly handled certain CDF documents. An attacker could use this issue to…

15 July 2014

USN-2277-1: Libav vulnerabilities

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

15 July 2014

USN-2276-1: PHP vulnerabilities

Francisco Alonso discovered that the PHP Fileinfo component incorrectly handled certain CDF documents. A remote attacker could use this issue to cause PHP to hang or crash, resulting in a denial of service. (CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487) Stefan Esser discovered that PHP incorrectly handled…

9 July 2014

USN-2275-1: DBus vulnerabilities

Alban Crequy discovered that dbus-daemon incorrectly sent AccessDenied errors to the service instead of the client when enforcing permissions. A local user can use this issue to possibly deny access to the service. (CVE-2014-3477) Alban Crequy discovered that dbus-daemon incorrectly handled certain file descriptors. A local attacker could use…

8 July 2014

USN-2272-1: Linux kernel (Trusty HWE) vulnerability

Andy Lutomirski discovered a flaw with the Linux kernel’s ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potentially gain administrative privileges.

5 July 2014

USN-2271-1: Linux kernel (Saucy HWE) vulnerability

Andy Lutomirski discovered a flaw with the Linux kernel’s ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potentially gain administrative privileges.

5 July 2014

USN-2270-1: Linux kernel (Raring HWE) vulnerability

Andy Lutomirski discovered a flaw with the Linux kernel’s ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potentially gain administrative privileges.

5 July 2014

USN-2269-1: Linux kernel (Quantal HWE) vulnerability

Andy Lutomirski discovered a flaw with the Linux kernel’s ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potentially gain administrative privileges.

5 July 2014

USN-2268-1: Linux kernel vulnerability

Andy Lutomirski discovered a flaw with the Linux kernel’s ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potentially gain administrative privileges.

5 July 2014

USN-2265-1: NSPR vulnerability

Abhishek Arya discovered that NSPR incorrectly handled certain console functions. A remote attacker could use this issue to cause NSPR to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service.

2 July 2014

USN-2263-1: Linux kernel (OMAP4) vulnerabilities

Salva Peiró discovered an information leak in the Linux kernel’s media-device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-1739) A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial…

27 June 2014

USN-2262-1: Linux kernel (Quantal HWE) vulnerabilities

A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. (CVE-2014-3144) A remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw…

27 June 2014

USN-2261-1: Linux kernel (Saucy HWE) vulnerabilities

Salva Peiró discovered an information leak in the Linux kernel’s media-device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-1739) A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial…

27 June 2014

USN-2260-1: Linux kernel (Trusty HWE) vulnerabilities

A flaw was discovered in the Linux kernel’s pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges. (CVE-2014-0196) Pinkie Pie discovered a flaw in the Linux kernel’s futex subsystem. An unprivileged local user could exploit this flaw to cause…

27 June 2014

USN-2259-1: Linux kernel vulnerabilities

Salva Peiró discovered an information leak in the Linux kernel’s media-device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-1739) A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial…

27 June 2014

USN-2258-1: GnuPG vulnerability

Jean-René Reinhard, Olivier Levillain and Florian Maury discovered that GnuPG incorrectly handled certain OpenPGP messages. If a user or automated system were tricked into processing a specially-crafted message, GnuPG could consume resources, resulting in a denial of service.

26 June 2014

USN-2257-1: Samba vulnerabilities

Christof Schmitt discovered that Samba incorrectly initialized a certain response field when vfs shadow copy was enabled. A remote authenticated attacker could use this issue to possibly obtain sensitive information. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2014-0178) It was discovered that the Samba internal DNS server…

26 June 2014

USN-2254-1: PHP vulnerabilities

Christian Hoffmann discovered that the PHP FastCGI Process Manager (FPM) set incorrect permissions on the UNIX socket. A local attacker could use this issue to possibly elevate their privileges. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0185) Francisco Alonso discovered that the PHP Fileinfo…

23 June 2014

USN-2232-3: OpenSSL regression

USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use renegotiation, such as PostgreSQL. This update fixes the problem. Original advisory details: Jüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue…

23 June 2014

USN-2250-1: Thunderbird vulnerabilities

Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden and Kyle Huey discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via…

19 June 2014

USN-2247-1: OpenStack Nova vulnerabilities

Darragh O’Reilly discovered that the Ubuntu packaging for OpenStack Nova did not properly set up its sudo configuration. If a different flaw was found in OpenStack Nova, this vulnerability could be used to escalate privileges. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2013-1068) Bernhard M. Wiedemann and Pádraig Brady…

17 June 2014

USN-2246-1: APT vulnerability

Jakub Wilk discovered that APT did not correctly validate signatures when downloading source packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered source packages.

17 June 2014

USN-2214-3: libxml2 regression

USN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a number of regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Daniel Berrange discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were …

17 June 2014

USN-2232-2: OpenSSL regression

USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use tls_session_secret_cb, such as wpa_supplicant. This update fixes the problem. Original advisory details: Jüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use…

12 June 2014

USN-2245-1: json-c vulnerabilities

Florian Weimer discovered that json-c incorrectly handled buffer lengths. An attacker could use this issue with a specially-crafted large JSON document to cause json-c to crash, resulting in a denial of service. (CVE-2013-6370) Florian Weimer discovered that json-c incorrectly handled hash arrays. An attacker could use this issue with a…

12 June 2014

USN-2244-1: Libav vulnerability

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

11 June 2014

USN-2243-1: Firefox vulnerabilities

Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey, Jesse Ruderman, Gregor Wagner, Benoit Jacob and Karl Tomlinson discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these…

11 June 2014

USN-2242-1: dpkg vulnerabilities

It was discovered that dpkg incorrectly handled certain patches when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.

10 June 2014

USN-2214-2: libxml2 regression

USN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a regression when using xmllint with the --postvalid option. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Daniel Berrange discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If…

9 June 2014

USN-2239-1: Linux kernel (Saucy HWE) vulnerabilities

Pinkie Pie discovered a flaw in the Linux kernel’s futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. (CVE-2014-3153) A flaw was discovered in the Linux kernel virtual machine’s (kvm) validation of interrupt requests (irq). A guest OS user could…

5 June 2014

USN-2238-1: Linux kernel (Raring HWE) vulnerabilities

Pinkie Pie discovered a flaw in the Linux kernel’s futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. (CVE-2014-3153) A flaw was discovered in the Linux kernel’s IPC reference counting. An unprivileged local user could exploit this flaw to cause a…

5 June 2014

USN-2237-1: Linux kernel (Quantal HWE) vulnerability

Pinkie Pie discovered a flaw in the Linux kernel’s futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges.

5 June 2014

USN-2236-1: Linux kernel (OMAP4) vulnerabilities

Pinkie Pie discovered a flaw in the Linux kernel’s futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. (CVE-2014-3153) A flaw was discovered in the vhost-net subsystem of the Linux kernel. Guest OS users could exploit this flaw to cause a denial of…

5 June 2014

USN-2235-1: Linux kernel vulnerabilities

Pinkie Pie discovered a flaw in the Linux kernel’s futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. (CVE-2014-3153) A flaw was discovered in the vhost-net subsystem of the Linux kernel. Guest OS users could exploit this flaw to cause a denial of…

5 June 2014

USN-2232-1: OpenSSL vulnerabilities

Jüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195) Imre Rad discovered that OpenSSL…

5 June 2014

USN-2230-1: chkrootkit vulnerability

Thomas Stangner discovered that chkrootkit incorrectly quoted certain values. A local attacker could use this issue to execute arbitrary code when chkrootkit is run and gain root privileges.

4 June 2014

USN-2229-1: GnuTLS vulnerability

Joonas Kuorilehto discovered that GnuTLS incorrectly handled Server Hello messages. A malicious remote server or a man in the middle could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.

2 June 2014

USN-2227-1: Linux kernel (OMAP4) vulnerabilities

A flaw was discovered in the Linux kernel’s pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges. (CVE-2014-0196) Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could…

27 May 2014

USN-2225-1: Linux kernel (Saucy HWE) vulnerabilities

Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged…

27 May 2014

USN-2224-1: Linux kernel (Raring HWE) vulnerabilities

Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged…

27 May 2014

USN-2223-1: Linux kernel (Quantal HWE) vulnerabilities

Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged…

27 May 2014

USN-2222-1: mod_wsgi vulnerabilities

Róbert Kisteleki discovered mod_wsgi incorrectly checked setuid return values. A malicious application could use this issue to cause a local privilege escalation when using daemon mode. (CVE-2014-0240) Buck Golemon discovered that mod_wsgi used memory that had been freed. A remote attacker could use this issue to read process memory via…

26 May 2014

USN-2221-1: Linux kernel vulnerabilities

Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged…

26 May 2014

USN-2218-1: Xalan-Java vulnerability

Nicolas Gregoire discovered that Xalan-Java incorrectly handled certain properties when the secure processing feature was enabled. An attacker could possibly use this issue to load arbitrary classes or access external resources.

21 May 2014

USN-2217-1: lxml vulnerability

It was discovered that the lxml.html.clean module incorrectly stripped control characters. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks.

21 May 2014

USN-2216-1: Pidgin vulnerability

It was discovered that Pidgin incorrectly handled certain messages from Gadu-Gadu file relay servers. A malicious remote server or a man in the middle could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code.

21 May 2014

USN-2215-1: libgadu vulnerability

It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, or possibly execute arbitrary code.

21 May 2014

USN-2214-1: libxml2 vulnerability

Daniel Berrange discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service.

15 May 2014

USN-2213-1: Dovecot vulnerability

It was discovered that Dovecot incorrectly handled closing inactive SSL/TLS connections. A remote attacker could use this issue to cause Dovecot to stop responding to new connections, resulting in a denial of service.

15 May 2014

USN-2212-1: Django vulnerabilities

Stephen Stewart, Michael Nelson, Natalia Bidart and James Westby discovered that Django improperly removed Vary and Cache-Control headers from HTTP responses when replying to a request from an Internet Explorer or Chrome Frame client. An attacker may use this to retrieve private data or poison caches. This update removes workarounds for bugs in…

15 May 2014

USN-2211-1: libXfont vulnerabilities

Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. (CVE-2014-0209) Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server…

14 May 2014

USN-2207-1: OpenStack Swift vulnerability

Samuel Merritt discovered a timing attack vulnerability in OpenStack Swift. If Swift was configured to use the TempURL middleware, an attacker could exploit this to guess valid secret URLs and obtain unintended access to objects publicly shared with specific recipients.

6 May 2014

USN-2205-1: LibTIFF vulnerabilities

Pedro Ribeiro discovered that LibTIFF incorrectly handled certain malformed images when using the gif2tiff tool. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue…

6 May 2014

USN-2201-1: Linux kernel (Saucy HWE) vulnerability

A flaw was discovered in the Linux kernel’s pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

6 May 2014

USN-2200-1: Linux kernel (Raring HWE) vulnerability

A flaw was discovered in the Linux kernel’s pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

6 May 2014

USN-2199-1: Linux kernel (Quantal HWE) vulnerability

A flaw was discovered in the Linux kernel’s pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

6 May 2014

USN-2198-1: Linux kernel vulnerability

A flaw was discovered in the Linux kernel’s pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

6 May 2014

USN-2192-1: OpenSSL vulnerabilities

It was discovered that OpenSSL incorrectly handled memory in the ssl3_read_bytes() function. A remote attacker could use this issue to possibly cause OpenSSL to crash, resulting in a denial of service. (CVE-2010-5298) It was discovered that OpenSSL incorrectly handled memory in the do_ssl3_write() function. A remote attacker could use this issue…

5 May 2014

USN-2191-1: OpenJDK 6 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458,…

1 May 2014

USN-2183-2: dpkg vulnerability

USN-2183-1 fixed a vulnerability in dpkg. Javier Serrano Polo discovered that the fix introduced a vulnerability in releases with an older version of the patch utility. This update fixes the problem. Original advisory details: Jakub Wilk discovered that dpkg incorrectly handled certain paths and symlinks when unpacking source packages. If a user or an…

1 May 2014

USN-2189-1: Thunderbird vulnerabilities

Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via…

30 April 2014

USN-2185-1: Firefox vulnerabilities

Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir Vukicevic and Christian Holler discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a…

29 April 2014

USN-2183-1: dpkg vulnerability

Jakub Wilk discovered that dpkg incorrectly handled certain paths and symlinks when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.

28 April 2014

USN-2182-1: QEMU vulnerabilities

Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. This issue only applied to Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2013-4544) Michael S. Tsirkin discovered that QEMU incorrectly handled…

28 April 2014

USN-2177-1: Linux kernel (Saucy HWE) vulnerabilities

A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. (CVE-2014-0049) Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged local user could exploit this flaw to cause a…

26 April 2014

USN-2176-1: Linux kernel (Raring HWE) vulnerabilities

A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. (CVE-2014-0049) Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged local user could exploit this flaw to cause a…

26 April 2014

USN-2175-1: Linux kernel (Quantal HWE) vulnerabilities

A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. (CVE-2014-0049) Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged local user could exploit this flaw to cause a…

26 April 2014

USN-2172-1: CUPS vulnerability

Alex Korobkin discovered that the CUPS web interface incorrectly protected against cross-site scripting (XSS) attacks. If an authenticated user were tricked into visiting a malicious website while logged into CUPS, a remote attacker could modify the CUPS configuration and possibly steal confidential data.

24 April 2014

USN-2170-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.37. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more…

23 April 2014

USN-2169-2: Django regression

USN-2169-1 fixed vulnerabilities in Django. The upstream security patch for CVE-2014-0472 introduced a regression for certain applications. This update fixes the problem. Original advisory details: Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse() function. An attacker could use this issue …

23 April 2014

USN-2169-1: Django vulnerabilities

Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse() function. An attacker could use this issue to cause Django to import arbitrary modules from the Python path, resulting in possible code execution. (CVE-2014-0472) Paul McMillan discovered that Django incorrectly cached certain pages…

22 April 2014

USN-2168-1: Python Imaging Library vulnerabilities

Jakub Wilk discovered that the Python Imaging Library incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files, or gain access to temporary file contents. (CVE-2014-1932, CVE-2014-1933)

15 April 2014

USN-2167-1: curl vulnerabilities

Steve Holme discovered that libcurl incorrectly reused wrong connections when using protocols other than HTTP and FTP. This could lead to the use of unintended credentials, possibly exposing sensitive information. (CVE-2014-0138) Richard Moore discovered that libcurl incorrectly validated wildcard SSL certificates that contain literal IP…

14 April 2014

USN-2166-1: Net-SNMP vulnerabilities

Ken Farnen discovered that Net-SNMP incorrectly handled AgentX timeouts. A remote attacker could use this issue to cause the server to crash or to hang, resulting in a denial of service. (CVE-2012-6151) It was discovered that the Net-SNMP ICMP-MIB incorrectly validated input. A remote attacker could use this issue to cause the server to…

14 April 2014

USN-2124-2: OpenJDK 6 regression

USN-2124-1 fixed vulnerabilities in OpenJDK 6. Due to an upstream regression, memory was not properly zeroed under certain circumstances which could lead to instability. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A vulnerability was discovered in the OpenJDK JRE related to information …

8 April 2014

USN-2165-1: OpenSSL vulnerabilities

Neel Mehta discovered that OpenSSL incorrectly handled memory in the TLS heartbeat extension. An attacker could use this issue to obtain up to 64k of memory contents from the client or server, possibly leading to the disclosure of private keys and other sensitive information. (CVE-2014-0160) Yuval Yarom and Naomi Benger discovered that OpenSSL…

7 April 2014

USN-2164-1: OpenSSH vulnerability

Matthew Vernon discovered that OpenSSH did not correctly check SSHFP DNS records if a server presented an unacceptable host certificate. A malicious server could use this issue to disable SSHFP checking.

7 April 2014

USN-2163-1: PHP vulnerability

It was discovered that PHP’s embedded libmagic library incorrectly handled PE executables. An attacker could use this issue to cause PHP to crash, resulting in a denial of service.

7 April 2014

USN-2162-1: file vulnerability

It was discovered that file incorrectly handled PE executable files. An attacker could use this issue to cause file to crash, resulting in a denial of service.

7 April 2014

USN-2161-1: libyaml-libyaml-perl vulnerabilities

Florian Weimer discovered that libyaml-libyaml-perl incorrectly handled certain large YAML documents. An attacker could use this issue to cause libyaml-libyaml-perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-6393) Ivan Fratric discovered that libyaml-libyaml-perl incorrectly handled certain malformed…

3 April 2014

USN-2160-1: LibYAML vulnerability

Ivan Fratric discovered that LibYAML incorrectly handled certain malformed YAML documents. An attacker could use this issue to cause LibYAML to crash, resulting in a denial of service, or possibly execute arbitrary code.

3 April 2014

USN-2159-1: NSS vulnerability

It was discovered that NSS incorrectly handled wildcard certificates when used with internationalized domain names. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to spoof SSL servers.

2 April 2014

USN-2158-1: Linux kernel (Raring HWE) vulnerabilities

Stephan Mueller reported an error in the Linux kernel’s ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. (CVE-2013-4345) Nico Golde and Fabian Yamaguchi reported buffer underflow errors in the implementation of the XFS filesystem in the Linux kernel. A local user…

1 April 2014

USN-2157-1: ClamAV update

This updates ClamAV to a new major version in order to gain new detection technologies and maintain proper compatibility with the virus signature database.

27 March 2014

USN-2156-1: Samba vulnerability

Andrew Bartlett discovered that Samba did not properly enforce the password guessing protection mechanism for all interfaces. A remote attacker could use this issue to possibly attempt to brute force user passwords.

26 March 2014

USN-2155-1: OpenSSH vulnerability

Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote attacker could use this issue to possibly bypass certain intended environment variable restrictions.

25 March 2014

USN-2154-1: ca-certificates update

The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20130906 package.

24 March 2014

USN-2153-1: initramfs-tools vulnerability

Kees Cook discovered that initramfs-tools incorrectly mounted /run without the noexec option, contrary to expected behaviour.

24 March 2014

USN-2152-1: Apache HTTP Server vulnerabilities

Ning Zhang & Amin Tora discovered that the mod_dav module incorrectly handled whitespace characters in CDATA sections. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. (CVE-2013-6438) Rainer M Canavan discovered that the mod_log_config module incorrectly handled certain cookies. A…

24 March 2014

USN-2151-1: Thunderbird vulnerabilities

Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman and Christoph Diehl discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or…

21 March 2014

USN-2150-1: Firefox vulnerabilities

Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, Christoph Diehl, Gregor Wagner, Gary Kwong, Luke Wagner, Rob Fletcher and Makoto Kato discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of…

18 March 2014

USN-2149-2: GTK+ update

USN-2149-1 fixed a vulnerability in librsvg. This update provides a compatibility fix for GTK+ to work with the librsvg security update. Original advisory details: It was discovered that librsvg would load XML external entities by default. If a user were tricked into viewing a specially crafted SVG file, an attacker could possibly obtain…

17 March 2014

USN-2149-1: librsvg vulnerability

It was discovered that librsvg would load XML external entities by default. If a user were tricked into viewing a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files.

17 March 2014

USN-2147-1: Mutt vulnerability

Beatrice Torracca and Evgeni Golov discovered a buffer overflow in mutt while expanding addresses when parsing email headers. An attacker could specially craft an email to cause mutt to crash, resulting in a denial of service, or possibly execute arbitrary code with the privileges of the user invoking mutt.

13 March 2014

USN-2146-1: Sudo vulnerabilities

Sebastien Macke discovered that Sudo incorrectly handled blacklisted environment variables when the env_reset option was disabled. A local attacker could use this issue to possibly run unintended commands by using blacklisted environment variables. In a default Ubuntu installation, the env_reset option is enabled by default. This issue only…

13 March 2014

USN-2145-1: libssh vulnerability

Aris Adamantiadis discovered that libssh allowed the OpenSSL PRNG state to be reused when implementing forking servers. This could allow an attacker to possibly obtain information about the state of the PRNG and perform cryptographic attacks.

12 March 2014

USN-2143-1: cups-filters vulnerabilities

Florian Weimer discovered that cups-filters incorrectly handled memory in the urftopdf filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user. This issue only affected Ubuntu 13.10. (CVE-2013-6473) Florian Weimer discovered that cups-filters incorrectly handled memory in the pdftoopvp…

12 March 2014

USN-2142-1: UDisks vulnerability

Florian Weimer discovered that UDisks incorrectly handled certain long path names. A local attacker could use this issue to cause udisks to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service.

10 March 2014

USN-2137-1: Linux kernel (Saucy HWE) vulnerabilities

An information leak was discovered in the Linux kernel when built with the NetFilter Connection Tracking (NF_CONNTRACK) support for IRC protocol (NF_NAT_IRC). A remote attacker could exploit this flaw to obtain potentially sensitive kernel information when communicating over a client-to-client IRC connection (/dcc) via a NAT-ed network….

7 March 2014

USN-2136-1: Linux kernel (Raring HWE) vulnerabilities

Mathy Vanhoef discovered an error in the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing attack. (CVE-2013-4579) Andrew Honig reported a flaw in the Linux Kernel’s kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM)…

7 March 2014

USN-2135-1: Linux kernel (Quantal HWE) vulnerabilities

Mathy Vanhoef discovered an error in the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing attack. (CVE-2013-4579) Andrew Honig reported a flaw in the Linux Kernel’s kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM)…

7 March 2014

USN-2134-1: Linux kernel (OMAP4) vulnerabilities

Mathy Vanhoef discovered an error in the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing attack. (CVE-2013-4579) Andrew Honig reported an error in the Linux Kernel’s Kernel Virtual Machine (KVM) VAPIC synchronization operation. A local user…

7 March 2014

USN-2133-1: Linux kernel vulnerabilities

Mathy Vanhoef discovered an error in the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing attack. (CVE-2013-4579) Andrew Honig reported an error in the Linux Kernel’s Kernel Virtual Machine (KVM) VAPIC synchronization operation. A local user…

7 March 2014

USN-2132-1: ImageMagick vulnerabilities

Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain restart markers in JPEG images. If a user or automated system using ImageMagick were tricked into opening a specially crafted JPEG image, an attacker could exploit this to cause memory consumption, resulting in a denial of service….

6 March 2014

USN-2131-1: IcedTea Web vulnerability

Michael Scherer discovered that IcedTea Web created temporary directories in an unsafe fashion. A local attacker could possibly use this issue to obtain or modify sensitive information from other local user sessions.

6 March 2014

USN-2130-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly handled certain inconsistent HTTP headers. A remote attacker could possibly use this flaw to conduct request smuggling attacks. (CVE-2013-4286) It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the…

6 March 2014

USN-2127-1: GnuTLS vulnerability

Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly handled certificate verification functions. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited with specially crafted certificates to view sensitive information.

4 March 2014

USN-2126-1: PHP vulnerabilities

Bernd Melchers discovered that PHP’s embedded libmagic library incorrectly handled indirect offset values. An attacker could use this issue to cause PHP to consume resources or crash, resulting in a denial of service. (CVE-2014-1943) It was discovered that PHP incorrectly handled certain values when using the imagecrop function. An attacker could…

3 March 2014

USN-2125-1: Python vulnerability

Ryan Smith-Roberts discovered that Python incorrectly handled buffer sizes when using the socket.recvfrom_into() function. An attacker could possibly use this issue to cause Python to crash, resulting in denial of service, or possibly execute arbitrary code.

3 March 2014

USN-2124-1: OpenJDK 6 vulnerabilities

A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-0411) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit…

27 February 2014

USN-2123-1: file vulnerabilities

It was discovered that file incorrectly handled Composite Document files. An attacker could use this issue to cause file to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2012-1571) Bernd Melchers discovered that file incorrectly handled indirect offset values. An attacker could use…

26 February 2014

USN-2122-1: FreeRADIUS vulnerabilities

It was discovered that FreeRADIUS incorrectly handled unix authentication. A remote user could successfully authenticate with an expired password. (CVE-2011-4966) Pierre Carrier discovered that FreeRADIUS incorrectly handled rlm_pap hash processing. An authenticated user could use this issue to cause FreeRADIUS to crash, resulting in a denial of…

26 February 2014

USN-2121-1: GnuTLS vulnerability

Suman Jana discovered that GnuTLS incorrectly handled version 1 intermediate certificates. This resulted in them being considered to be a valid CA certificate by default, which was contrary to documented behaviour.

25 February 2014

USN-2120-1: PostgreSQL vulnerabilities

Noah Misch and Jonas Sundman discovered that PostgreSQL did not correctly enforce ADMIN OPTION restrictions. An authenticated attacker could use this issue to possibly revoke access from others, contrary to expected permissions. (CVE-2014-0060) Andres Freund discovered that PostgreSQL incorrectly handled validator functions. An authenticated…

24 February 2014

USN-2102-2: Firefox regression

USN-2102-1 fixed vulnerabilities in Firefox. The update introduced a regression which could make Firefox crash under some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan…

19 February 2014

USN-2119-1: Thunderbird vulnerabilities

Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen and Sotaro Ikeda discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of…

19 February 2014

USN-2113-1: Linux kernel (Saucy HWE) vulnerabilities

Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFO) in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2013-4563) Mathy Vanhoef discovered an error in the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the…

18 February 2014

USN-2112-1: Linux kernel (Raring HWE) vulnerabilities

Vasily Kulikov reported a flaw in the Linux kernel’s implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) Dave Jones and Vince Weaver reported a flaw in the Linux kernel’s perf event subsystem that allows normal users to enable function tracing….

18 February 2014

USN-2111-1: Linux kernel (Quantal HWE) vulnerabilities

Vasily Kulikov reported a flaw in the Linux kernel’s implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) A flaw in the handling of memory regions of the kernel virtual machine (KVM) subsystem was discovered. A local user with the ability to assign…

18 February 2014

USN-2110-1: Linux kernel (OMAP4) vulnerabilities

Vasily Kulikov reported a flaw in the Linux kernel’s implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) Stephan Mueller reported an error in the Linux kernel’s ansi cprng random number generator. This flaw makes it easier for a local attacker to…

18 February 2014

USN-2109-1: Linux kernel vulnerabilities

Vasily Kulikov reported a flaw in the Linux kernel’s implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) Stephan Mueller reported an error in the Linux kernel’s ansi cprng random number generator. This flaw makes it easier for a local attacker to…

18 February 2014

USN-2105-1: MAAS vulnerabilities

James Troup discovered that MAAS stored RabbitMQ authentication credentials in a world-readable file. A local authenticated user could read this password and potentially gain privileges of other user accounts. This update restricts the file permissions to prevent unintended access. (CVE-2013-1069) Chris Glass discovered that the MAAS API was…

13 February 2014

USN-2098-2: LibYAML regression

USN-2098-1 fixed a vulnerability in LibYAML. The security fix introduced a regression that caused parsing failures for certain valid YAML files. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Florian Weimer discovered that LibYAML incorrectly handled certain large YAML documents. An attacker…

13 February 2014

USN-2103-1: Libav vulnerabilities

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

11 February 2014

USN-2102-1: Firefox vulnerabilities

Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Carsten Book, Andrew Sutherland, Byron Campen, Nicholas Nethercote, Paul Adenot, David Baron, Julian Seward and Sotaro Ikeda discovered multiple memory safety issues in Firefox. If a user were tricked into opening a…

10 February 2014

USN-2101-1: libgadu vulnerability

Yves Younan and Ryan Pentney discovered that libgadu incorrectly handled certain Gadu-Gadu HTTP messages. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, or possibly execute arbitrary code.

10 February 2014

USN-2100-1: Pidgin vulnerabilities

Thijs Alkemade and Robert Vehse discovered that Pidgin incorrectly handled the Yahoo! protocol. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2012-6152) Jaime Breva Ribes discovered that Pidgin incorrectly handled the XMPP protocol. A remote attacker could use this issue to cause Pidgin to…

6 February 2014

USN-2099-1: Perl vulnerability

It was discovered that Perl’s Locale::Maketext module incorrectly handled backslashes and fully qualified method names. An attacker could possibly use this flaw to execute arbitrary code when an application used untrusted templates.

5 February 2014

USN-2098-1: LibYAML vulnerability

Florian Weimer discovered that LibYAML incorrectly handled certain large YAML documents. An attacker could use this issue to cause LibYAML to crash, resulting in a denial of service, or possibly execute arbitrary code.

4 February 2014

USN-2097-1: curl vulnerability

Paras Sethia and Yehezkel Horowitz discovered that libcurl incorrectly reused connections when NTLM authentication was being used. This could lead to the use of unintended credentials, possibly exposing sensitive information.

3 February 2014

USN-2095-1: Linux kernel (Saucy HWE) vulnerability

Pageexec reported a bug in the Linux kernel’s recvmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges.

31 January 2014

USN-2094-1: Linux kernel (Raring HWE) vulnerability

Pageexec reported a bug in the Linux kernel’s recvmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges.

31 January 2014

USN-2093-1: libvirt vulnerabilities

Martin Kletzander discovered that libvirt incorrectly handled reading memory tunables from LXC guests. A local user could possibly use this flaw to cause libvirtd to crash, resulting in a denial of service. This issue only affected Ubuntu 13.10. (CVE-2013-6436) Dario Faggioli discovered that libvirt incorrectly handled the libxl driver. A local…

30 January 2014

USN-2092-1: QEMU vulnerabilities

Asias He discovered that QEMU incorrectly handled SCSI controllers with more than 256 attached devices. A local user could possibly use this flaw to elevate privileges. (CVE-2013-4344) It was discovered that QEMU incorrectly handled Xen disks. A local guest could possibly use this flaw to consume resources, resulting in a denial of service. This…

30 January 2014

USN-2091-1: OTR vulnerabilities

This update disables the OTR v1 protocol to prevent protocol downgrade attacks.

29 January 2014

USN-2090-1: Munin vulnerabilities

Christoph Biedl discovered that Munin incorrectly handled certain multigraph data. A remote attacker could use this issue to cause Munin to consume resources, resulting in a denial of service. (CVE-2013-6048) Christoph Biedl discovered that Munin incorrectly handled certain multigraph service names. A remote attacker could use this issue to…

27 January 2014

USN-2088-1: NSS vulnerability

Brian Smith discovered that NSS incorrectly handled the TLS False Start feature. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to spoof SSL servers.

23 January 2014

USN-2087-1: NSPR vulnerability

It was discovered that NSPR incorrectly handled certain malformed X.509 certificates. A remote attacker could use a crafted X.509 certificate to cause NSPR to crash, leading to a denial of service, or possibly execute arbitrary code.

23 January 2014

USN-2086-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.73 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.10 have been updated to MySQL 5.5.35. In addition to security fixes, the updated packages contain bug fixes, new features,…

21 January 2014

USN-2085-1: HPLIP vulnerabilities

It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu 12.04 LTS and higher, this should be prevented by the Yama link restrictions. (CVE-2013-6402) It was discovered that HPLIP contained an upgrade tool…

21 January 2014

USN-2084-1: devscripts vulnerability

It was discovered that the uscan tool incorrectly repacked archive files. If a user or automated system were tricked into processing specially crafted files, a remote attacker could possibly execute arbitrary code.

21 January 2014

USN-2083-1: Graphviz vulnerabilities

It was discovered that Graphviz incorrectly handled memory in the yyerror function. If a user were tricked into opening a specially crafted dot file, an attacker could cause Graphviz to crash, or possibly execute arbitrary code. (CVE-2014-0978, CVE-2014-1235) It was discovered that Graphviz incorrectly handled memory in the chkNum function. If a…

16 January 2014

USN-2081-1: Bind vulnerability

Jared Mauch discovered that Bind incorrectly handled certain queries for NSEC3-signed zones. A remote attacker could use this flaw with a specially crafted query to cause Bind to stop responding, resulting in a denial of service.

13 January 2014

USN-2080-1: Memcached vulnerabilities

Stefan Bucur discovered that Memcached incorrectly handled certain large body lengths. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service. (CVE-2011-4971) Jeremy Sowden discovered that Memcached incorrectly handled logging certain details when the -vv option was used. An attacker could use this…

13 January 2014

USN-2079-1: OpenSSL vulnerabilities

Anton Johansson discovered that OpenSSL incorrectly handled certain invalid TLS handshakes. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2013-4353) Ron Barber discovered that OpenSSL used an incorrect data structure to obtain a version number. A remote attacker could use this issue to…

9 January 2014

USN-2077-2: Puppet regression

USN-2077-1 fixed a vulnerability in Puppet. The upstream patch introduced a regression resulting in the default file mode being incorrect. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Puppet incorrectly handled temporary files. A local attacker could possibly use this…

9 January 2014

USN-2078-1: libXfont vulnerability

It was discovered that libXfont incorrectly handled certain malformed BDF fonts. An attacker could use a specially crafted font file to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service.

7 January 2014

USN-2077-1: Puppet vulnerability

It was discovered that Puppet incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions.

6 January 2014

USN-2070-1: Linux kernel (Saucy HWE) vulnerabilities

Vasily Kulikov reported a flaw in the Linux kernel’s implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) Dave Jones and Vince Weaver reported a flaw in the Linux kernel’s perf event subsystem that allows normal users to enable function tracing….

3 January 2014

USN-2069-1: Linux kernel (Raring HWE) vulnerabilities

Hannes Frederic Sowa discovered a flaw in the Linux kernel’s UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2013-4470) Multiple integer overflow flaws were discovered in the Alchemy LCD frame-buffer drivers in the…

3 January 2014

USN-2068-1: Linux kernel (Quantal HWE) vulnerabilities

Dave Jones and Vince Weaver reported a flaw in the Linux kernel’s perf event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. (CVE-2013-2930) Stephan Mueller reported an error in the Linux kernel’s ansi cprng random number…

3 January 2014

USN-2067-1: Linux kernel (OMAP4) vulnerabilities

A flaw was discovered in the Linux kernel’s dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. (CVE-2013-4299) Hannes Frederic Sowa discovered a flaw in the Linux kernel’s UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a…

3 January 2014

USN-2066-1: Linux kernel vulnerabilities

A flaw was discovered in the Linux kernel’s dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. (CVE-2013-4299) Hannes Frederic Sowa discovered a flaw in the Linux kernel’s UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a…

3 January 2014

USN-2063-1: NSS vulnerability

It was discovered that an intermediate certificate was incorrectly issued by a subordinate certificate authority of a trusted CA included in NSS. This intermediate certificate could be used in a man-in-the-middle attack, and as such has been marked as untrusted in this update.

20 December 2013

USN-2060-1: libjpeg, libjpeg-turbo vulnerabilities

Michal Zalewski discovered that libjpeg and libjpeg-turbo incorrectly handled certain memory operations. An attacker could use this issue with a specially-crafted JPEG file to possibly expose sensitive information.

19 December 2013

USN-2059-1: GnuPG vulnerability

Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an adaptive chosen ciphertext attack via acoustic emanations. A local attacker could use this attack to possibly recover private keys.

18 December 2013

USN-2058-1: curl vulnerability

Marc Deslauriers discovered that libcurl incorrectly verified CN and SAN name fields when digital signature verification was disabled in the GnuTLS backend. When libcurl is being used in this uncommon way by specific applications, an attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted…

18 December 2013

USN-2057-1: Qt vulnerability

It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could use this flaw to cause Qt applications to consume large amounts of resources, resulting in a denial of service.

17 December 2013

USN-2056-1: DjVuLibre vulnerability

It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, applications could be made to crash, resulting in a denial of service, or possibly execute arbitrary code.

16 December 2013

USN-2055-1: PHP vulnerabilities

Stefan Esser discovered that PHP incorrectly parsed certificates. An attacker could use a malformed certificate to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-6420) It was discovered that PHP incorrectly handled DateInterval objects. An attacker could use this issue to cause PHP to crash,…

12 December 2013

USN-2053-1: Thunderbird vulnerabilities

Ben Turner, Bobby Holley, Jesse Ruderman and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges…

11 December 2013

USN-2052-1: Firefox vulnerabilities

Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the…

11 December 2013

USN-2054-1: Samba vulnerabilities

It was discovered that Winbind incorrectly handled invalid group names with the require_membership_of parameter. If an administrator used an invalid group name by mistake, access was granted instead of having the login fail. (CVE-2012-6150) Stefan Metzmacher and Michael Adam discovered that Samba incorrectly handled DCE-RPC fragment length…

11 December 2013

USN-2051-1: GIMP vulnerability

Murray McAllister discovered that GIMP incorrectly handled malformed XWD files. If a user were tricked into opening a specially crafted XWD file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user’s privileges.

9 December 2013

USN-2048-2: curl regression

USN-2048-1 fixed a vulnerability in curl. The security fix uncovered a bug in the curl command line tool which resulted in the --insecure (-k) option not working as intended. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Scott Cantor discovered that libcurl incorrectly verified CN and SAN name …

6 December 2013

USN-2048-1: curl vulnerability

Scott Cantor discovered that libcurl incorrectly verified CN and SAN name fields when digital signature verification was disabled. When libcurl is being used in this uncommon way by specific applications, an attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

5 December 2013

USN-2047-1: pixman vulnerability

Bryan Quigley discovered an integer underflow in pixman. If a user were tricked into opening a specially crafted file, an attacker could cause a denial of service via application crash.

3 December 2013

USN-2042-1: Linux kernel (Saucy HWE) vulnerabilities

A flaw was discovered in the Linux kernel’s dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. (CVE-2013-4299) Hannes Frederic Sowa discovered a flaw in the Linux kernel’s UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a…

3 December 2013

USN-2041-1: Linux kernel (Raring HWE) vulnerabilities

A flaw was discovered in the Linux kernel’s dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. (CVE-2013-4299) Alan Chester reported a flaw in the IPv6 Stream Control Transmission Protocol (SCTP) of the Linux kernel. A remote attacker could exploit this flaw to obtain…

3 December 2013

USN-2040-1: Linux kernel (Quantal HWE) vulnerabilities

A flaw was discovered in the Linux kernel’s dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. (CVE-2013-4299) Hannes Frederic Sowa discovered a flaw in the Linux kernel’s UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a…

3 December 2013

USN-2039-1: Linux kernel (OMAP4) vulnerabilities

An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel’s IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. (CVE-2013-0343) A flaw was discovered in…

3 December 2013

USN-2038-1: Linux kernel vulnerabilities

An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel’s IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. (CVE-2013-0343) A flaw was discovered in…

3 December 2013

USN-2035-1: Ruby vulnerabilities

Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. An attacker could possibly use this issue with an application that converts text to floating point numbers to cause the application to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-4164) Vit Ondruch discovered…

27 November 2013

USN-2033-1: OpenJDK 6 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-3829, CVE-2013-5783, CVE-2013-5804) Several vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit…

21 November 2013

USN-2032-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into connecting to a malicious server, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure. (CVE-2013-1741, CVE-2013-2566, CVE-2013-5605, CVE-2013-5607)

21 November 2013

USN-2031-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure. (CVE-2013-1741, CVE-2013-2566, CVE-2013-5605, CVE-2013-5607)

20 November 2013

USN-2030-1: NSS vulnerabilities

Multiple security issues were discovered in NSS. If a user were tricked into connecting to a malicious server, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure. This update also adds TLS v1.2 support to Ubuntu 10.04 LTS, Ubuntu…

18 November 2013

USN-2025-1: Libav vulnerabilities

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

11 November 2013

USN-2020-1: Linux kernel (Raring HWE) vulnerabilities

An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel’s IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. (CVE-2013-0343) Dan Carpenter discovered…

8 November 2013

USN-2019-1: Linux kernel (Quantal HWE) vulnerabilities

An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel’s IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. (CVE-2013-0343) Kees Cook discovered a flaw…

8 November 2013

USN-2018-1: Linux kernel (OMAP4) vulnerabilities

A denial of service flaw was discovered in the Btrfs file system in the Linux kernel. A local user could cause a denial of service by creating a large number of files with names that have the same CRC32 hash value. (CVE-2012-5374) A denial of service flaw was discovered in the Btrfs file system in the Linux kernel. A local user could cause a…

8 November 2013

USN-2017-1: Linux kernel vulnerabilities

A denial of service flaw was discovered in the Btrfs file system in the Linux kernel. A local user could cause a denial of service by creating a large number of files with names that have the same CRC32 hash value. (CVE-2012-5374) A denial of service flaw was discovered in the Btrfs file system in the Linux kernel. A local user could cause a…

8 November 2013

USN-2013-1: MAAS vulnerabilities

It was discovered that maas-import-pxe-files incorrectly loaded configuration information from the current working directory. A local attacker could execute code as an administrator if maas-import-pxe-files were run from an attacker-controlled directory. (CVE-2013-1057) It was discovered that maas-import-pxe-files doesn’t cryptographically verify…

7 November 2013

USN-2011-1: Libav vulnerabilities

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

4 November 2013

USN-2010-1: Thunderbird vulnerabilities

Multiple memory safety issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Thunderbird….

31 October 2013

USN-2009-1: Firefox vulnerabilities

Multiple memory safety issues were discovered in Firefox. If a user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1739, CVE-2013-5590,…

29 October 2013

USN-2008-1: Suds vulnerability

Ralph Loader discovered that Suds incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions.

24 October 2013

USN-2007-1: Apport vulnerability

Martin Carpenter discovered that Apport set incorrect permissions on core dump files generated by setuid binaries. A local attacker could possibly use this issue to obtain privileged information.

24 October 2013

USN-2006-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.72 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.04 and Ubuntu 13.10 have been updated to MySQL 5.5.34. In addition to security fixes, the updated packages contain bug…

24 October 2013

USN-2000-1: Nova vulnerabilities

It was discovered that Nova did not properly enforce the is_public property when determining flavor access. An authenticated attacker could exploit this to obtain sensitive information in private flavors. This issue only affected Ubuntu 12.10 and 13.10. (CVE-2013-2256, CVE-2013-4278) Grant Murphy discovered that Nova would allow XML entity…

23 October 2013

USN-2001-1: Swift vulnerability

Peter Portante discovered that Swift did not properly handle requests with old X-Timestamp values. An authenticated attacker could exploit this to cause a denial of service via disk consumption.

23 October 2013

USN-1995-1: Linux kernel (Raring HWE) vulnerabilities

An information leak was discovered in the Linux kernel when reading broadcast messages from the notify_policy interface of the IPSec key_socket. A local user could exploit this flaw to examine potentially sensitive information in kernel memory. (CVE-2013-2237) Kees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux…

22 October 2013

USN-1994-1: Linux kernel (Quantal HWE) vulnerability

Dan Carpenter discovered an information leak in the HP Smart Array and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory.

22 October 2013

USN-1993-1: Linux kernel (OMAP4) vulnerability

An information leak was discovered in the Linux kernel when reading broadcast messages from the notify_policy interface of the IPSec key_socket. A local user could exploit this flaw to examine potentially sensitive information in kernel memory.

22 October 2013

USN-1992-1: Linux kernel vulnerability

An information leak was discovered in the Linux kernel when reading broadcast messages from the notify_policy interface of the IPSec key_socket. A local user could exploit this flaw to examine potentially sensitive information in kernel memory.

22 October 2013

USN-1991-1: GNU C Library vulnerabilities

It was discovered that the GNU C Library incorrectly handled the strcoll() function. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2012-4412, CVE-2012-4424) It was discovered that the GNU C Library incorrectly handled multibyte characters in the regular expression matcher. An attacker…

21 October 2013

USN-1990-1: X.Org X server vulnerabilities

Pedro Ribeiro discovered that the X.Org X server incorrectly handled memory operations when handling ImageText requests. An attacker could use this issue to cause X.Org to crash, or to possibly execute arbitrary code. (CVE-2013-4396) It was discovered that non-root X.Org X servers such as Xephyr incorrectly used cached xkb files. A local attacker…

17 October 2013

USN-1989-1: ICU vulnerabilities

It was discovered that ICU contained a race condition affecting multi-threaded applications. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10….

15 October 2013

USN-1987-1: GnuPG vulnerabilities

Daniel Kahn Gillmor discovered that GnuPG treated keys with empty usage flags as being valid for all usages. (CVE-2013-4351) Taylor R Campbell discovered that GnuPG incorrectly handled certain OpenPGP messages. If a user or automated system were tricked into processing a specially-crafted message, GnuPG could consume resources, resulting in…

9 October 2013

USN-1986-1: Network Audio System (NAS) vulnerabilities

Hamid Zamani discovered multiple security issues in the Network Audio System (NAS) server. An attacker could possibly use these issues to cause a denial of service or execute arbitrary code. (CVE-2013-4256, CVE-2013-4257)

1 October 2013

USN-1984-1: Python 3.2 vulnerabilities

Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in SSL certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. (CVE-2013-2099) Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject…

1 October 2013

USN-1983-1: Python 2.7 vulnerabilities

Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in SSL certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. This issue only affected Ubuntu 13.04. (CVE-2013-2099) Ryan Sleevi discovered that Python did not properly handle…

1 October 2013

USN-1981-1: HPLIP vulnerabilities

It was discovered that HPLIP incorrectly handled temporary files when using the fax capabilities. A local attacker could possibly use this issue to overwrite arbitrary files. This issue only applied to Ubuntu 10.04 LTS. (CVE-2011-2722) Tim Waugh discovered that HPLIP incorrectly handled temporary files when printing. A local attacker could…

30 September 2013

USN-1978-1: libKDcraw vulnerabilities

It was discovered that libKDcraw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, applications linked against libKDcraw could be made to crash, resulting in a denial of service. (CVE-2013-1438, CVE-2013-1439)

30 September 2013

USN-1980-1: Vino vulnerability

Jonathan Claudius discovered that Vino incorrectly handled closing invalid connections. A remote attacker could use this issue to cause Vino to consume resources, resulting in a denial of service.

30 September 2013

USN-1979-1: txt2man vulnerability

Patrick J Cherry discovered that txt2man contained leftover debugging code that incorrectly created a temporary file. A local attacker could possibly use this issue to overwrite arbitrary files. In the default Ubuntu installation, this should be prevented by the Yama link restrictions.

30 September 2013

USN-1971-1: Linux kernel (Raring HWE) vulnerabilities

Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). (CVE-2013-4254) A memory leak was discovered in the user namespace facility of the Linux kernel. A local user could cause a denial of service (memory…

27 September 2013

USN-1970-1: Linux kernel (Quantal HWE) vulnerabilities

Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). (CVE-2013-4254) A failure to validate block numbers was discovered in the Linux kernel’s implementation of the XFS filesystem. A local user can cause a…

27 September 2013

USN-1969-1: Linux kernel (OMAP4) vulnerabilities

Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). (CVE-2013-4254) A failure to validate block numbers was discovered in the Linux kernel’s implementation of the XFS filesystem. A local user can cause a…

27 September 2013

USN-1968-1: Linux kernel vulnerabilities

Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). (CVE-2013-4254) A failure to validate block numbers was discovered in the Linux kernel’s implementation of the XFS filesystem. A local user can cause a…

27 September 2013

USN-1966-1: Samba vulnerability

Jeremy Allison discovered that Samba incorrectly handled certain extended attribute lists. A remote attacker could use this issue to cause Samba to hang, resulting in a denial of service.

24 September 2013

USN-1967-1: Django vulnerabilities

It was discovered that Django incorrectly handled large passwords. A remote attacker could use this issue to consume resources, resulting in a denial of service. (CVE-2013-1443) It was discovered that Django incorrectly handled ssi templates. An attacker could use this issue to read arbitrary files. (CVE-2013-4315) It was discovered that the…

24 September 2013

USN-1965-1: pyOpenSSL vulnerability

It was discovered that pyOpenSSL did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

23 September 2013

USN-1964-1: LibRaw vulnerabilities

It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, applications linked against LibRaw could be made to crash, resulting in a denial of service. (CVE-2013-1438, CVE-2013-1439)

23 September 2013

USN-1952-1: Thunderbird vulnerabilities

Multiple memory safety issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Thunderbird….

18 September 2013

USN-1963-1: usb-creator vulnerability

It was discovered that usb-creator was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

18 September 2013

USN-1962-1: ubuntu-system-service vulnerability

It was discovered that ubuntu-system-service was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

18 September 2013

USN-1960-1: Software Properties vulnerability

It was discovered that Software Properties was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

18 September 2013

USN-1959-1: RealtimeKit vulnerability

It was discovered that RealtimeKit was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

18 September 2013

USN-1958-1: language-selector vulnerability

It was discovered that language-selector was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

18 September 2013

USN-1957-1: Jockey vulnerability

It was discovered that Jockey was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

18 September 2013

USN-1956-1: HPLIP vulnerability

It was discovered that HPLIP was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

18 September 2013

USN-1955-1: apt-xapian-index vulnerability

It was discovered that apt-xapian-index was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

18 September 2013

USN-1954-1: libvirt vulnerabilities

It was discovered that libvirt used the pkcheck tool in an unsafe manner. A local attacker could possibly use this flaw to bypass polkit authentication. In Ubuntu, libvirt polkit authentication is not enabled by default. (CVE-2013-4311) It was discovered that libvirt incorrectly handled certain memory stats requests. A remote attacker could use…

18 September 2013

USN-1953-1: polkit vulnerability

It was discovered that polkit didn’t allow applications to use the pkcheck tool in a way which prevented a race condition in the UID lookup. A local attacker could use this flaw to possibly escalate privileges.

18 September 2013

USN-1951-1: Firefox vulnerabilities

Multiple memory safety issues were discovered in Firefox. If a user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1718, CVE-2013-1719) Atte Kettunen…

17 September 2013

USN-1948-1: httplib2 vulnerability

It was discovered that httplib2 only validated SSL certificates on the first request to a connection, and didn’t report validation failures on subsequent requests. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could possibly be exploited in certain scenarios to alter or compromise confidential information in…

9 September 2013

USN-1947-1: Linux kernel (Quantal HWE) vulnerabilities

A denial of service flaw was discovered in the Btrfs file system in the Linux kernel. A local user could cause a denial of service by creating a large number of files with names that have the same CRC32 hash value. (CVE-2012-5374) A denial of service flaw was discovered in the Btrfs file system in the Linux kernel. A local user could cause a…

7 September 2013

USN-1943-1: Linux kernel (Raring HWE) vulnerabilities

Vasily Kulikov discovered a flaw in the Linux Kernel’s perf tool that allows for privilege escalation. A local user could exploit this flaw to run commands as root when using the perf tool. (CVE-2013-1060) A flaw was discovered in the Xen subsystem of the Linux kernel when it provides read-only access to a disk that supports TRIM or SCSI UNMAP to…

6 September 2013

USN-1942-1: Linux kernel (OMAP4) vulnerabilities

Chanam Park reported a Null pointer flaw in the Linux kernel’s Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2013-1059) Vasily Kulikov discovered a flaw in the Linux Kernel’s perf tool that allows for privilege escalation. A local user could exploit this flaw to run commands as root when…

6 September 2013

USN-1941-1: Linux kernel vulnerabilities

Chanam Park reported a Null pointer flaw in the Linux kernel’s Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2013-1059) Vasily Kulikov discovered a flaw in the Linux Kernel’s perf tool that allows for privilege escalation. A local user could exploit this flaw to run commands as root when…

6 September 2013

USN-1937-1: PHP vulnerability

It was discovered that PHP did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man-in-the-middle attack to view sensitive information or alter encrypted communications.

5 September 2013

USN-1936-1: Linux kernel (Raring HWE) vulnerabilities

Chanam Park reported a Null pointer flaw in the Linux kernel’s Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2013-1059) An information leak was discovered in the Linux kernel’s fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory….

20 August 2013

USN-1931-1: Linux kernel (Quantal HWE) vulnerabilities

Chanam Park reported a Null pointer flaw in the Linux kernel’s Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2013-1059) An information leak was discovered in the Linux kernel’s fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory….

20 August 2013

USN-1930-1: Linux kernel (OMAP4) vulnerabilities

An information leak was discovered in the Linux kernel’s fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2148) Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain…

20 August 2013

USN-1929-1: Linux kernel vulnerability

An information leak was discovered in the Linux kernel’s fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory.

20 August 2013

USN-1928-1: Puppet vulnerabilities

It was discovered that Puppet incorrectly handled the resource_type service. A local attacker on the master could use this issue to execute arbitrary Ruby files. (CVE-2013-4761) It was discovered that Puppet incorrectly handled permissions on the modules it installed. Modules could be installed with the permissions that existed when they were…

15 August 2013

USN-1925-1: Thunderbird vulnerabilities

Jeff Gilbert and Henrik Skupin discovered multiple memory safety issues in Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user…

7 August 2013

USN-1924-2: Ubufox and Unity Firefox Extension update

USN-1924-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubufox and Unity Firefox Extension. Original advisory details: Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user…

6 August 2013

USN-1924-1: Firefox vulnerabilities

Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially…

6 August 2013

USN-1923-1: GnuPG, Libgcrypt vulnerability

Yuval Yarom and Katrina Falkner discovered a timing-based information leak, known as Flush+Reload, that could be used to trace execution in programs. GnuPG and Libgcrypt followed different execution paths based on key-related data, which could be used to expose the contents of private keys.

1 August 2013

USN-1922-1: Evolution Data Server vulnerability

Yves-Alexis Perez discovered that Evolution Data Server did not properly select GPG recipients. Under certain circumstances, this could result in Evolution encrypting email to an unintended recipient.

31 July 2013

USN-1916-1: Linux kernel (Raring HWE) vulnerability

An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length.

29 July 2013

USN-1915-1: Linux kernel (Quantal HWE) vulnerability

Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

29 July 2013

USN-1914-1: Linux kernel vulnerability

Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

29 July 2013

USN-1911-1: Little CMS vulnerability

It was discovered that Little CMS did not properly verify certain memory allocations. If a user or automated system using Little CMS were tricked into opening a specially crafted file, an attacker could cause Little CMS to crash.

29 July 2013

USN-1910-1: Bind vulnerability

Maxim Shudrak discovered that Bind incorrectly handled certain malformed rdata. A remote attacker could use this flaw with a specially crafted query to cause Bind to stop responding, resulting in a denial of service.

29 July 2013

USN-1909-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.70 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.04 have been updated to MySQL 5.5.32. In addition to security fixes, the updated packages contain bug fixes, new features,…

25 July 2013

USN-1908-1: OpenJDK 6 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-1500, CVE-2013-2454, CVE-2013-2458) A vulnerability was discovered in the OpenJDK Javadoc related to data integrity. (CVE-2013-1571) A vulnerability…

23 July 2013

USN-1904-2: libxml2 regression

USN-1904-1 fixed vulnerabilities in libxml2. The update caused a regression for certain users. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that libxml2 would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted …

17 July 2013

USN-1907-2: IcedTea Web update

USN-1907-1 fixed vulnerabilities in OpenJDK 7. Due to upstream changes, IcedTea Web needed an update to work with the new OpenJDK 7. Original advisory details: Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the…

16 July 2013

USN-1905-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled the xml_parse_into_struct function. If a PHP application parsed untrusted XML, an attacker could use this flaw with a specially-crafted XML document to cause PHP to crash, resulting in a denial of service, or to possibly execute arbitrary code. (CVE-2013-4113) It was discovered that PHP incorrectly…

16 July 2013

USN-1903-1: Apache HTTP Server vulnerabilities

It was discovered that the mod_rewrite module incorrectly sanitized non-printable characters before writing data to log files. A remote attacker could possibly use this flaw to execute arbitrary commands by injecting escape sequences in the log file. (CVE-2013-1862) It was discovered that the mod_dav module incorrectly handled certain…

15 July 2013

USN-1904-1: libxml2 vulnerabilities

It was discovered that libxml2 would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly obtain access to arbitrary files or cause resource consumption. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10….

15 July 2013

USN-1902-1: Ruby vulnerability

William (B.J.) Snow Orvis discovered that Ruby incorrectly verified the hostname in SSL certificates. An attacker could trick Ruby into trusting a rogue server certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack.

9 July 2013

USN-1901-1: Raptor vulnerability

Timothy D. Morgan discovered that Raptor would unconditionally load XML external entities. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could possibly obtain access to arbitrary files on the user’s system or potentially execute arbitrary code with the privileges of the user…

8 July 2013

USN-1898-1: OpenSSL vulnerability

The TLS protocol 1.2 and earlier can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext content by observing length differences during a series of guesses in which a provided string potentially matches an unknown string in encrypted and compressed…

4 July 2013

USN-1897-1: PyMongo vulnerability

Jibbers McGee discovered that PyMongo incorrectly handled certain invalid DBRefs. An attacker could use this issue to cause PyMongo to crash, resulting in a denial of service.

3 July 2013

USN-1890-2: Firefox regression

USN-1890-1 fixed vulnerabilities in Firefox. This update introduced a regression which sometimes resulted in Firefox using the wrong network proxy settings. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple memory safety issues were discovered in Firefox. If the user were tricked into…

3 July 2013

USN-1896-1: Module::Signature perl module vulnerability

Florian Weimer discovered that the Module::Signature perl module incorrectly loaded unknown ciphers from relative directories. An attacker could possibly use this flaw to execute arbitrary code when a signature is verified.

3 July 2013

USN-1894-1: curl vulnerability

Timo Sirainen discovered that libcurl incorrectly handled memory when parsing URL encoded strings. An attacker could possibly use this issue to cause libcurl to crash, leading to a denial of service, or execute arbitrary code.

2 July 2013

USN-1893-1: Subversion vulnerabilities

Alexander Klink discovered that the Subversion mod_dav_svn module for Apache did not properly handle a large number of properties. A remote authenticated attacker could use this flaw to cause memory consumption, leading to a denial of service. (CVE-2013-1845) Ben Reser discovered that the Subversion mod_dav_svn module for Apache did not properly…

27 June 2013

USN-1891-1: Thunderbird vulnerabilities

Multiple memory safety issues were discovered in Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Thunderbird….

26 June 2013

USN-1890-1: Firefox vulnerabilities

Multiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1682, CVE-2013-1683) Abhishek Arya…

26 June 2013

USN-1889-1: HAProxy vulnerability

David Torgerson discovered that HAProxy incorrectly parsed certain HTTP headers. A remote attacker could use this issue to cause HAProxy to stop responding, resulting in a denial of service.

20 June 2013

USN-1888-1: Mesa vulnerabilities

It was discovered that Mesa incorrectly handled certain memory calculations. An attacker could use this flaw to cause an application to crash, or possibly execute arbitrary code. (CVE-2013-1872) Ilja van Sprundel discovered that Mesa incorrectly handled certain memory calculations. An attacker could use this flaw to cause an application to crash,…

20 June 2013

USN-1887-1: OpenStack Swift vulnerabilities

Sebastian Krahmer discovered that Swift used the loads function in the pickle Python module when it was configured to use memcached. A remote attacker on the same network as memcached could exploit this to execute arbitrary code. This update adds a new memcache_serialization_support option to support secure json serialization. For details on this…

20 June 2013

USN-1886-1: Puppet vulnerability

It was discovered that Puppet incorrectly handled YAML payloads. An attacker on an untrusted client could use this issue to execute arbitrary code on the master.

18 June 2013

USN-1885-1: libKDcraw vulnerability

It was discovered that libKDcraw incorrectly handled broken full-color images. If a user or automated system were tricked into processing a specially crafted raw image, applications linked against libKDcraw could be made to crash, resulting in a denial of service, or possibly execute arbitrary code.

18 June 2013

USN-1884-1: LibRaw vulnerability

It was discovered that LibRaw incorrectly handled broken full-color images. If a user or automated system were tricked into processing a specially crafted raw image, applications linked against LibRaw could be made to crash, resulting in a denial of service, or possibly execute arbitrary code.

18 June 2013

USN-1880-1: Linux kernel (Quantal HWE) vulnerabilities

Andy Lutomirski discovered an error in the Linux kernel’s credential handling on unix sockets. A local user could exploit this flaw to gain administrative privileges. (CVE-2013-1979) An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover…

14 June 2013

USN-1879-1: Linux kernel (OMAP4) vulnerabilities

Kees Cook discovered a flaw in the Linux kernel’s iSCSI subsystem. A remote unauthenticated attacker could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2013-2850) An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local…

14 June 2013

USN-1878-1: Linux kernel vulnerabilities

An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. (CVE-2013-0160) A flaw was discovered in the Linux kernel’s perf events subsystem for Intel Sandy Bridge…

14 June 2013

USN-1874-1: DBus vulnerability

Alexandru Cornea discovered that DBus incorrectly handled certain messages. A local attacker could use this issue to cause system services to crash, resulting in a denial of service.

13 June 2013

USN-1873-1: telepathy-gabble vulnerabilities

Maksim Otstavnov discovered that telepathy-gabble incorrectly handled TLS when connecting to legacy jabber servers. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2013-1431) It was discovered that telepathy-gabble incorrectly handled certain messages. A remote…

12 June 2013

USN-1871-1: xserver-xorg-video-openchrome vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

10 June 2013

USN-1859-1: libxi vulnerabilities

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1870-1: libxxf86vm vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1869-1: libxxf86dga vulnerabilities

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1868-1: libxvmc vulnerabilities

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1867-1: libxv vulnerabilities

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1866-1: libxtst vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1865-1: libxt vulnerabilities

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1864-1: libxres vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1863-1: libxrender vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1862-1: libxrandr vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1861-1: libxp vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1860-1: libxinerama vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1858-1: libxfixes vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1857-1: libxext vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1856-1: libxcursor vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1855-1: libxcb vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1854-1: libx11 vulnerabilities

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1853-1: libfs vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1852-1: libdmx vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1849-1: Linux kernel (Raring HWE) vulnerability

Kees Cook discovered a flaw in the Linux kernel’s iSCSI subsystem. A remote unauthenticated attacker could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2013-2850) A flaw was discovered in the Linux kernel’s perf_events interface. A local user could exploit this flaw to…

31 May 2013

USN-1845-1: Linux kernel (Quantal HWE) vulnerability

Kees Cook discovered a flaw in the Linux kernel’s iSCSI subsystem. A remote unauthenticated attacker could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges.

30 May 2013

USN-1844-1: Linux kernel vulnerability

Kees Cook discovered a flaw in the Linux kernel’s iSCSI subsystem. A remote unauthenticated attacker could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges.

30 May 2013

USN-1843-1: GnuTLS vulnerability

It was discovered that GnuTLS incorrectly handled certain padding bytes. A remote attacker could use this flaw to cause an application using GnuTLS to crash, leading to a denial of service.

29 May 2013

USN-1842-1: KDE-Libs vulnerability

It was discovered that KIO would sometimes display web authentication credentials under certain error conditions. If a user were tricked into opening a specially crafted web page, an attacker could potentially exploit this to expose confidential information.

29 May 2013

USN-1841-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2012-3544) It was discovered that Tomcat…

28 May 2013

USN-1839-1: Linux kernel (OMAP4) vulnerabilities

A flaw was discovered in the Linux kernel’s perf_events interface. A local user could exploit this flaw to escalate privileges on the system. (CVE-2013-2094) Andy Lutomirski discovered an error in the Linux kernel’s credential handling on unix sockets. A local user could exploit this flaw to gain administrative privileges. (CVE-2013-1979) A…

28 May 2013

USN-1834-1: Linux kernel (Quantal HWE) vulnerabilities

A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. (CVE-2013-1929) A flaw was discovered in the Linux kernel’s ftrace subsystem interface. A local user could…

24 May 2013

USN-1833-1: Linux kernel vulnerabilities

Andy Lutomirski discovered an error in the Linux kernel’s credential handling on unix sockets. A local user could exploit this flaw to gain administrative privileges. (CVE-2013-1979) A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of…

24 May 2013

USN-1832-1: LibTIFF vulnerabilities

Emmanuel Bouillon discovered that LibTIFF incorrectly handled certain malformed images when using the tiff2pdf tool. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

21 May 2013

USN-1831-1: OpenStack Nova vulnerability

Loganathan Parthipan discovered that Nova did not verify the size of QCOW2 instance storage. An authenticated attacker could exploit this to cause a denial of service by creating an image with a large virtual size with little data, then filling the virtual disk.

16 May 2013

USN-1830-1: OpenStack Keystone vulnerability

Sam Stoelinga discovered that Keystone would not immediately invalidate tokens when deleting users via the v2 API. A deleted user would be able to continue to use resources until the token lifetime expired.

16 May 2013

USN-1828-1: Linux kernel (Quantal HWE) vulnerability

A flaw was discovered in the Linux kernel’s perf_events interface. A local user could exploit this flaw to escalate privileges on the system.

16 May 2013

USN-1825-1: Linux kernel vulnerability

A flaw was discovered in the Linux kernel’s perf_events interface. A local user could exploit this flaw to escalate privileges on the system.

16 May 2013

USN-1823-1: Thunderbird vulnerabilities

Multiple memory safety issues were discovered in Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird….

14 May 2013

USN-1822-1: Firefox vulnerabilities

Multiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0801, CVE-2013-1669) Cody Crews discovered…

14 May 2013

USN-1821-1: telepathy-idle vulnerability

It was discovered that telepathy-idle did not perform any server certificate validation when using SSL connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.

9 May 2013

USN-1820-1: gpsd vulnerability

It was discovered that gpsd incorrectly handled certain malformed GPS data. An attacker could use this issue to cause gpsd to crash, resulting in a denial of service, or possibly execute arbitrary code.

8 May 2013

USN-1819-1: OpenJDK 6 vulnerabilities

Ben Murphy discovered a vulnerability in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to execute arbitrary code. (CVE-2013-0401) James Forshaw discovered a vulnerability in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit this to…

7 May 2013

USN-1818-1: Mesa vulnerability

It was discovered that Mesa incorrectly handled certain arrays. An attacker could use this issue to cause Mesa to crash, resulting in a denial of service, or possibly execute arbitrary code.

7 May 2013

USN-1816-1: ClamAV vulnerabilities

It was discovered that ClamAV would incorrectly parse a UPX-packed executable, leading to possible inappropriate heap reads. An attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-2020) It was discovered that ClamAV would incorrectly parse a PDF…

3 May 2013

USN-1812-1: Linux kernel (Quantal HWE) vulnerabilities

Mathias Krause discovered an information leak in the Linux kernel’s UDF file system implementation. A local user could exploit this flaw to examine some of the kernel’s heap memory. (CVE-2012-6548) Mathias Krause discovered an information leak in the Linux kernel’s ISO 9660 CDROM file system driver. A local user could exploit this flaw…

1 May 2013

USN-1811-1: Linux kernel (OMAP4) vulnerabilities

Mathias Krause discovered an information leak in the Linux kernel’s UDF file system implementation. A local user could exploit this flaw to examine some of the kernel’s heap memory. (CVE-2012-6548) Mathias Krause discovered an information leak in the Linux kernel’s ISO 9660 CDROM file system driver. A local user could exploit this flaw…

1 May 2013

USN-1809-1: Linux kernel vulnerabilities

Mathias Krause discovered an information leak in the Linux kernel’s UDF file system implementation. A local user could exploit this flaw to examine some of the kernel’s heap memory. (CVE-2012-6548) Mathias Krause discovered an information leak in the Linux kernel’s ISO 9660 CDROM file system driver. A local user could exploit this flaw…

1 May 2013

USN-1807-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.69 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.31. In addition to security fixes, the updated packages contain bug fixes, new…

25 April 2013

USN-1804-2: IcedTea-Web regression

USN-1804-1 fixed vulnerabilities in IcedTea-Web. This update introduced a regression with the Java Network Launching Protocol (JNLP) when fetching content over SSL under certain configurations, such as when using the community-supported IcedTea 7 browser plugin. This update fixes the problem. We apologize for the inconvenience. Original…

23 April 2013

USN-1804-1: IcedTea-Web vulnerabilities

Jiri Vanek discovered that IcedTea-Web would use the same classloader for applets from different domains. A remote attacker could exploit this to expose sensitive information or potentially manipulate applets from other domains. (CVE-2013-1926) It was discovered that IcedTea-Web did not properly verify JAR files and was susceptible to the GIFAR…

18 April 2013

USN-1803-1: X.Org X server vulnerability

It was discovered that the X.Org X server did not properly clear input events in certain circumstances. A local attacker with physical access could use this flaw to capture keystrokes.

17 April 2013

USN-1802-1: Samba vulnerability

It was discovered that Samba incorrectly handled CIFS share attributes when SMB2 was used. A remote authenticated user could possibly gain write access to certain shares, bypassing the intended permissions.

16 April 2013

USN-1801-1: curl vulnerability

YAMADA Yasuharu discovered that libcurl was vulnerable to a cookie leak when doing requests across domains with matching tails. curl did not properly restrict cookies to domains and subdomains. If a user or automated system were tricked into processing a specially crafted URL, an attacker could read cookie values stored by unrelated webservers.

16 April 2013

USN-1800-1: HAProxy vulnerabilities

It was discovered that HAProxy incorrectly handled configurations where global.tune.bufsize was set to a value higher than the default. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2012-2942) Yves Lafon discovered that HAProxy incorrectly handled HTTP keywords in TCP inspection…

15 April 2013

USN-1799-1: NVIDIA graphics drivers vulnerability

It was discovered that the NVIDIA graphics drivers incorrectly handled large ARGB cursors. A local attacker could use this issue to gain root privileges. The NVIDIA graphics drivers have been updated to 304.88 to fix this issue. In addition to the security fix, the updated packages contain bug fixes, new features, and possibly incompatible…

10 April 2013

USN-1795-1: Linux kernel (Quantal HWE) vulnerabilities

Andrew Jones discovered a flaw with the xen_iret function in Linux kernel’s Xen virtualization. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege. (CVE-2013-0228) Emese Revfy discovered that in the Linux kernel signal handlers could…

8 April 2013

USN-1794-1: Linux kernel (OMAP4) vulnerabilities

Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to bypass ASLR (Address Space Layout Randomization). A local user could use this flaw to bypass ASLR to reliably deliver an exploit payload that would otherwise be stopped (by ASLR). (CVE-2013-0914) A memory use…

8 April 2013

USN-1793-1: Linux kernel vulnerabilities

Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to bypass ASLR (Address Space Layout Randomization). A local user could use this flaw to bypass ASLR to reliably deliver an exploit payload that would otherwise be stopped (by ASLR). (CVE-2013-0914) A memory use…

8 April 2013

USN-1791-1: Thunderbird vulnerabilities

Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic and Joe Drew discovered multiple memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or…

8 April 2013

USN-1790-1: Libav vulnerabilities

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

4 April 2013

USN-1786-1: Firefox vulnerabilities

Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, Joe Drew, Andrew McCreight, Randell Jesup, Gary Kwong and Mats Palmgren discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service…

4 April 2013

USN-1789-1: PostgreSQL vulnerabilities

Mitsumasa Kondo and Kyotaro Horiguchi discovered that PostgreSQL incorrectly handled certain connection requests containing database names starting with a dash. A remote attacker could use this flaw to damage or destroy files within a server’s data directory. This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10….

4 April 2013

USN-1785-1: poppler vulnerabilities

It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program.

2 April 2013

USN-1784-1: libxslt vulnerability

Nicholas Gregoire discovered that libxslt incorrectly handled certain empty values. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service.

2 April 2013

USN-1783-1: Bind vulnerability

Matthew Horsfall discovered that Bind incorrectly handled regular expression checking. A remote attacker could use this flaw to cause Bind to consume an excessive amount of memory, possibly resulting in a denial of service. This issue was corrected by disabling RDATA regular expression syntax checking.

29 March 2013

USN-1782-1: libxml2 vulnerability

It was discovered that libxml2 incorrectly handled XML entity expansion. An attacker could use this flaw to cause libxml2 to consume large amounts of resources, resulting in a denial of service.

28 March 2013

USN-1781-1: Linux kernel (OMAP4) vulnerabilities

Andrew Jones discovered a flaw with the xen_iret function in Linux kernel’s Xen virtualization. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege. (CVE-2013-0228) A flaw was reported in the permission checks done by the Linux…

26 March 2013

USN-1780-1: Ruby vulnerability

Ben Murphy discovered that the Ruby REXML library incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of memory, resulting in a denial of service.

25 March 2013

USN-1779-1: GNOME Online Accounts vulnerability

It was discovered that GNOME Online Accounts did not properly check SSL certificates when configuring online accounts. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise credentials and confidential information.

25 March 2013

USN-1732-3: OpenSSL vulnerability

USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0169 and CVE-2012-2686 was reverted in USN-1732-2 because of a regression. This update restores the security fix, and includes an extra fix from upstream to address the AES-NI regression. We apologize for the inconvenience. Original advisory details: Adam Langley and Wolfgang…

25 March 2013

USN-1773-1: ClamAV vulnerabilities

Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind discovered multiple security issues with ClamAV. An attacker could use these issues to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.

21 March 2013

USN-1771-1: OpenStack Nova vulnerabilities

Loganathan Parthipan discovered that Nova did not properly validate VNC tokens after an instance was deleted. An authenticated attacker could exploit this to access other virtual machines under certain circumstances. This issue did not affect Ubuntu 11.10. (CVE-2013-0335) Vish Ishaya discovered that Nova did not always enforce quotas on…

20 March 2013

USN-1770-1: Perl vulnerability

Yves Orton discovered that Perl incorrectly handled hashing when using user-provided hash keys. An attacker could use this flaw to perform a denial of service attack against software written in Perl.

19 March 2013

USN-1768-1: Linux kernel (Quantal HWE) vulnerabilities

Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously. (CVE-2013-0190) A failure to validate input was discovered in the Linux kernel’s Xen netback (network backend) driver. A user in a guest OS may exploit this flaw to…

18 March 2013

USN-1767-1: Linux kernel vulnerabilities

Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously. (CVE-2013-0190) A failure to validate input was discovered in the Linux kernel’s Xen netback (network backend) driver. A user in a guest OS may exploit this flaw to…

18 March 2013

USN-1765-1: Apache HTTP Server vulnerabilities

Niels Heinen discovered that multiple modules incorrectly sanitized certain strings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could…

18 March 2013

USN-1764-1: OpenStack Glance vulnerability

Stuart McLaren discovered an issue with Glance v1 API requests. An authenticated attacker could exploit this to expose the Glance operator’s Swift and/or S3 credentials via the response headers when requesting a cached image.

14 March 2013

USN-1763-2: NSPR update

USN-1763-1 fixed a vulnerability in NSS. This update provides the NSPR needed to use the new NSS. Original advisory details: Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in NSS was vulnerable to a timing side-channel attack known as the “Lucky Thirteen” issue. A remote attacker could use this issue to perform …

14 March 2013

USN-1763-1: NSS vulnerability

Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in NSS was vulnerable to a timing side-channel attack known as the “Lucky Thirteen” issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.

14 March 2013

USN-1762-1: APT vulnerability

Ansgar Burchardt discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects the issue by disabling InRelease file support completely. Please note that this update breaks third-party…

14 March 2013

USN-1761-1: PHP vulnerability

It was discovered that PHP incorrectly handled XML external entities in SOAP WSDL files. A remote attacker could use this flaw to read arbitrary files off the server.

13 March 2013

USN-1758-2: Thunderbird vulnerability

USN-1758-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Thunderbird. Original advisory details: It was discovered that Firefox contained a memory safety issue. If a user were tricked into opening a specially crafted page with the HTML editor, a remote attacker could exploit this to execute arbitrary code…

13 March 2013

USN-1759-1: Puppet vulnerabilities

It was discovered that Puppet agents incorrectly handled certain kick connections in a non-default configuration. An attacker on an authenticated client could use this issue to possibly execute arbitrary code. (CVE-2013-1653) It was discovered that Puppet incorrectly handled certain catalog requests. An attacker on an authenticated client could…

12 March 2013

USN-1758-1: Firefox vulnerability

It was discovered that Firefox contained a memory safety issue. If a user were tricked into opening a specially crafted page with the HTML editor, a remote attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program.

8 March 2013

USN-1757-1: Django vulnerabilities

James Kettle discovered that Django did not properly filter the Host HTTP header when processing certain requests. An attacker could exploit this to generate and display arbitrary URLs to users. Although this issue had been previously addressed in USN-1632-1, this update adds additional hardening measures to host header validation. This update…

7 March 2013

USN-1755-1: OpenJDK 6 vulnerabilities

It was discovered that OpenJDK did not properly validate certain types of images. A remote attacker could exploit this to cause OpenJDK to crash. (CVE-2013-0809) It was discovered that OpenJDK did not properly check return values when performing color conversion for images. If a user were tricked into opening a crafted image with OpenJDK, such as…

5 March 2013

USN-1729-2: Firefox regression

USN-1729-1 fixed vulnerabilities in Firefox. This update introduced a regression which sometimes resulted in freezes and crashes when using multiple tabs with images displayed. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew…

1 March 2013

USN-1732-2: OpenSSL regression

USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0169 and CVE-2012-2686 introduced a regression causing decryption failures on hardware supporting AES-NI. This update temporarily reverts the security fix pending further investigation. We apologize for the inconvenience. Original advisory details: Adam Langley and Wolfgang…

28 February 2013

USN-1754-1: Sudo vulnerability

Marco Schoepl discovered that Sudo incorrectly handled time stamp files when the system clock is set to epoch. A local attacker could use this issue to run Sudo commands without a password prompt.

28 February 2013

USN-1753-1: DBus-GLib vulnerability

Sebastian Krahmer and Bastien Nocera discovered that DBus-GLib did not properly validate the message sender when the “NameOwnerChanged” signal was received. A local attacker could possibly use this issue to escalate their privileges.

27 February 2013

USN-1752-1: GnuTLS vulnerability

Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in GnuTLS was vulnerable to a timing side-channel attack known as the “Lucky Thirteen” issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.

27 February 2013

USN-1749-1: Linux kernel (Quantal HWE) vulnerability

Mathias Krause discovered a bounds checking error for netlink messages requesting SOCK_DIAG_BY_FAMILY. An unprivileged local user could exploit this flaw to crash the system or run programs as an administrator.

26 February 2013

USN-1748-1: Thunderbird vulnerabilities

Bobby Holley discovered vulnerabilities in Chrome Object Wrappers (COW) and System Only Wrappers (SOW). If a user were tricked into opening a specially crafted page and had scripting enabled, a remote attacker could exploit this to bypass security protections to obtain sensitive information or potentially execute code with the privileges of the…

25 February 2013

USN-1747-1: Transmission vulnerability

It was discovered that Transmission incorrectly handled certain micro transport protocol packets. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

25 February 2013

USN-1746-1: Pidgin vulnerabilities

Chris Wysopal discovered that Pidgin incorrectly handled file transfers in the MXit protocol handler. A remote attacker could use this issue to create or overwrite arbitrary files. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2013-0271) It was discovered that Pidgin incorrectly handled long HTTP headers in…

25 February 2013

USN-1743-1: Linux kernel (Quantal HWE) vulnerability

Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel’s ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator. (CVE-2013-0871) A flaw was discovered in the Edgeport USB serial converter driver when the device is disconnected while it is…

22 February 2013

USN-1742-1: Linux kernel (OMAP4) vulnerability

Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel’s ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.

22 February 2013

USN-1741-1: Linux kernel vulnerability

Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel’s ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.

22 February 2013

USN-1735-1: OpenJDK vulnerabilities

Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenJDK was vulnerable to a timing side-channel attack known as the “Lucky Thirteen” issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. (CVE-2013-0169) A vulnerability was discovered in the OpenJDK JRE…

21 February 2013

USN-1734-1: OpenStack Nova vulnerability

Joshua Harlow discovered that Nova would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Nova API to cause a denial of service via resource exhaustion. (CVE-2013-1664)

21 February 2013

USN-1733-1: Ruby vulnerabilities

Jean-Philippe Aumasson discovered that Ruby incorrectly generated predictable hash values. An attacker could use this issue to generate hash collisions and cause a denial of service. (CVE-2012-5371) Evgeny Ermakov discovered that documentation generated by rdoc is vulnerable to a cross-site scripting issue. With cross-site…

21 February 2013

USN-1732-1: OpenSSL vulnerabilities

Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2012-2686) Stephen Henson discovered that OpenSSL…

21 February 2013

USN-1730-1: OpenStack Keystone vulnerabilities

Nathanael Burton discovered that Keystone did not properly verify disabled users. An authenticated but disabled user would continue to have access rights that were removed. (CVE-2013-0282) Jonathan Murray discovered that Keystone would allow XML entity processing. A remote unauthenticated attacker could exploit this to cause a denial of service…

20 February 2013

USN-1729-1: Firefox vulnerabilities

Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, Alon Zakai, Christian Holler, Gary Kwong, Luke Wagner, Terrence Cole, Timothy Nikkel, Bill McCloskey, and Nicolas Pierron discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an…

20 February 2013

USN-1724-1: OpenJDK vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. (CVE-2012-1541, CVE-2012-3342, CVE-2013-0351, CVE-2013-0419, CVE-2013-0423, CVE-2013-0446, CVE-2012-3213, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2013-0429,…

14 February 2013

USN-1723-1: Qt vulnerabilities

Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting requests from http to file schemes. If an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2012-5624) Stephen Cheng…

14 February 2013

USN-1717-1: PostgreSQL vulnerability

Sumit Soni discovered that PostgreSQL incorrectly handled calling a certain internal function with invalid arguments. An authenticated attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service.

12 February 2013

USN-1681-4: Firefox regression

USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, Firefox suffered from instabilities when accessing some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary…

5 February 2013

USN-1715-1: OpenStack Keystone vulnerability

Dan Prince discovered that Keystone did not properly perform input validation when handling certain error conditions. An unauthenticated user could exploit this to cause a denial of service in Keystone API servers via disk space exhaustion.

5 February 2013

USN-1714-1: QXL graphics driver vulnerability

It was discovered that the QXL graphics driver incorrectly handled terminated connections. An attacker that could connect to a guest using SPICE and the QXL graphics driver could cause the guest to hang or crash, resulting in a denial of service.

5 February 2013

USN-1704-2: Linux kernel (Quantal HWE) regression

USN-1704-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Brad Spengler discovered a flaw in the Linux kernel’s uname system call. An unprivileged user could exploit this…

1 February 2013

USN-1698-2: Linux kernel (OMAP4) regression

USN-1698-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw was discovered in the Linux kernel’s handling of script execution when module loading is enabled. A local…

1 February 2013

USN-1696-2: Linux kernel regression

USN-1696-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jon Howell reported a flaw in the Linux kernel’s KVM (Kernel-based virtual machine) subsystem’s handling of the…

1 February 2013

USN-1713-1: Squid vulnerabilities

It was discovered that squid’s cachemgr.cgi was vulnerable to excessive resource use. A remote attacker could exploit this flaw to perform a denial of service attack on the server and other hosted services. (CVE-2012-5643) It was discovered that the patch for CVE-2012-5643 was incorrect. A remote attacker could exploit this flaw to perform a…

31 January 2013

USN-1712-1: Inkscape vulnerabilities

It was discovered that Inkscape incorrectly handled XML external entities in SVG files. If a user were tricked into opening a specially-crafted SVG file, Inkscape could possibly include external files in drawings, resulting in information disclosure. (CVE-2012-5656) It was discovered that Inkscape attempted to open certain files from the /tmp…

30 January 2013

USN-1710-1: OpenStack Glance vulnerability

Dan Prince discovered an issue in Glance error reporting. An authenticated attacker could exploit this to expose the Glance operator’s Swift credentials for a misconfigured or otherwise unusable Swift endpoint.

29 January 2013

USN-1709-1: OpenStack Nova vulnerability

Phil Day discovered that nova-volume did not validate access to volumes. An authenticated attacker could exploit this to bypass intended access controls and boot from arbitrary volumes.

29 January 2013

USN-1708-1: libvirt vulnerabilities

Wenlong Huang discovered that libvirt incorrectly handled certain RPC calls. A remote attacker could exploit this and cause libvirt to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-4423) Tingting Zheng discovered that libvirt incorrectly handled cleanup under certain error conditions. A remote…

29 January 2013

USN-1707-1: libssh vulnerability

Yong Chuan Koh discovered that libssh incorrectly handled certain negotiation requests. A remote attacker could use this to cause libssh to crash, resulting in a denial of service.

28 January 2013

USN-1705-1: Libav vulnerabilities

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

28 January 2013

USN-1681-3: Firefox regression

USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, some translations became unusable after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert…

22 January 2013

USN-1704-1: Linux kernel (Quantal HWE) vulnerabilities

Brad Spengler discovered a flaw in the Linux kernel’s uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. (CVE-2012-0957) Jon Howell reported a flaw in the Linux kernel’s KVM (Kernel-based virtual machine) subsystem’s handling of the XSAVE feature. On hosts, using qemu userspace, without the XSAVE feature…

22 January 2013

USN-1703-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.67 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.29. In addition to security fixes, the updated packages contain bug fixes,…

22 January 2013

USN-1702-1: PHP vulnerability

It was discovered that PHP incorrectly handled the openssl_encrypt function when used with an empty string. An attacker could use this flaw to cause PHP to disclose arbitrary memory contents and possibly expose sensitive information.

22 January 2013

USN-1701-1: Vino vulnerability

It was discovered that Vino incorrectly transmitted clipboard activity before authenticating the remote connection. A remote attacker could connect to Vino and monitor clipboard activity.

22 January 2013

USN-1698-1: Linux kernel (OMAP4) vulnerabilities

A flaw was discovered in the Linux kernel’s handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. (CVE-2012-4530) Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of…

18 January 2013

USN-1696-1: Linux kernel vulnerabilities

Jon Howell reported a flaw in the Linux kernel’s KVM (Kernel-based virtual machine) subsystem’s handling of the XSAVE feature. On hosts, using qemu userspace, without the XSAVE feature an unprivileged local attacker could exploit this flaw to crash the system. (CVE-2012-4461) A flaw was discovered in the Linux kernel’s handling of script…

18 January 2013

USN-1695-1: RPM vulnerabilities

It was discovered that RPM incorrectly handled certain package headers. If a user or automated system were tricked into installing a specially crafted RPM package, an attacker could cause RPM to crash, resulting in a denial of service, or possibly execute arbitrary code.

17 January 2013

USN-1692-1: QEMU vulnerability

It was discovered that QEMU incorrectly handled certain e1000 packet sizes. In certain environments, an attacker may use this flaw in combination with large packets to cause a denial of service or execute arbitrary code in the guest.

16 January 2013

USN-1687-2: NSPR update

USN-1687-1 fixed a vulnerability in NSS. This update provides the NSPR needed to use the new NSS. Original advisory details: Two intermediate CA certificates were mis-issued by the TURKTRUST certificate authority. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.

14 January 2013

USN-1687-1: NSS vulnerability

Two intermediate CA certificates were mis-issued by the TURKTRUST certificate authority. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.

14 January 2013

USN-1686-1: FreeType vulnerabilities

Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.

14 January 2013

USN-1685-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly performed certain security constraint checks in the FORM authenticator. A remote attacker could possibly use this flaw with a specially-crafted URI to bypass security constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu 12.04 LTS. (CVE-2012-3546) It was discovered that…

14 January 2013

USN-1682-1: GnuPG vulnerability

KB Sriram discovered that GnuPG incorrectly handled certain malformed keys. If a user or automated system were tricked into importing a malformed key, the GnuPG keyring could become corrupted.

9 January 2013

USN-1681-2: Thunderbird vulnerabilities

USN-1681-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Original advisory details: Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O’Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues…

9 January 2013

USN-1681-1: Firefox vulnerabilities

Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O’Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of…

9 January 2013

USN-1680-1: MoinMoin vulnerabilities

It was discovered that MoinMoin did not properly sanitize its input when processing AnyWikiDraw and TWikiDraw actions. A remote attacker with write access could exploit this to overwrite arbitrary files and execute arbitrary code with the privileges of the web server (user ‘www-data’). It was discovered that MoinMoin also did not properly…

30 December 2012

USN-1676-1: AppArmor update

Dan Rosenberg discovered that the example AppArmor profile for chromium-browser could be escaped by calling xdg-settings with a crafted environment.

19 December 2012

USN-1670-1: Linux kernel (OMAP4) vulnerability

A flaw was discovered in the Linux kernel’s handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system.

19 December 2012

USN-1669-1: Linux kernel vulnerability

A flaw was discovered in the Linux kernel’s handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system.

18 December 2012

USN-1668-1: Apport update

Dan Rosenberg discovered that an application running under an AppArmor profile that allowed unconfined execution of apport-bug could escape confinement by calling apport-bug with a crafted environment. While not a vulnerability in apport itself, this update mitigates the issue by sanitizing certain variables in the apport-bug shell script.

17 December 2012

USN-1666-1: Aptdaemon vulnerability

It was discovered that Aptdaemon incorrectly validated PPA GPG keys when importing from a keyserver. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered package repository GPG keys.

17 December 2012

USN-1662-1: APT vulnerability

It was discovered that APT set inappropriate permissions on the term.log file. A local attacker could use this flaw to possibly obtain sensitive information.

12 December 2012

USN-1659-1: GIMP vulnerability

It was discovered that GIMP incorrectly handled malformed XWD files. If a user were tricked into opening a specially crafted XWD file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user’s privileges.

10 December 2012

USN-1658-1: MySQL vulnerability

It was discovered that MySQL incorrectly handled certain long arguments. A remote authenticated attacker could use this issue to possibly execute arbitrary code.

10 December 2012

USN-1657-1: Bind vulnerability

It was discovered that Bind incorrectly handled certain crafted queries when DNS64 was enabled. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service.

6 December 2012

USN-1656-1: Libxml2 vulnerability

It was discovered that libxml2 had a heap-based buffer underflow when parsing entities. If a user or automated system were tricked into processing a specially crafted XML document, applications linked against libxml2 could be made to crash or possibly execute arbitrary code.

6 December 2012

USN-1655-1: LibTIFF vulnerability

It was discovered that LibTIFF incorrectly handled certain malformed images using the DOTRANGE tag. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

5 December 2012

USN-1654-1: CUPS vulnerability

It was discovered that users in the lpadmin group could modify certain CUPS configuration options to escalate privileges. An attacker could use this to potentially gain root privileges.

5 December 2012

USN-1638-3: Firefox regressions

USN-1638-1 fixed vulnerabilities in Firefox. The new packages introduced regressions in cookies handling and the User Agent string. This update fixes the problem. Original advisory details: Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew…

3 December 2012

USN-1645-1: Linux kernel (OMAP4) vulnerabilities

Brad Spengler discovered a flaw in the Linux kernel’s uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. (CVE-2012-0957) Dmitry Monakhov reported a race condition flaw in the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak….

30 November 2012

USN-1644-1: Linux kernel vulnerabilities

Brad Spengler discovered a flaw in the Linux kernel’s uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. (CVE-2012-0957) Dmitry Monakhov reported a race condition flaw in the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak….

30 November 2012

USN-1643-1: Perl vulnerabilities

It was discovered that the decode_xs function in the Encode module is vulnerable to a heap-based buffer overflow via a crafted Unicode string. An attacker could use this overflow to cause a denial of service. (CVE-2011-2939) It was discovered that the ‘new’ constructor in the Digest module is vulnerable to an eval injection. An attacker could use…

30 November 2012

USN-1642-1: Lynx vulnerabilities

Dan Rosenberg discovered a heap-based buffer overflow in Lynx. If a user were tricked into opening a specially crafted page, a remote attacker could cause a denial of service via application crash, or possibly execute arbitrary code as the user invoking the program. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-2810) It was discovered that…

29 November 2012

USN-1641-1: OpenStack Keystone vulnerabilities

Vijaya Erukala discovered that Keystone did not properly invalidate EC2-style credentials such that if credentials were removed from a tenant, an authenticated and authorized user using those credentials may still be allowed access beyond the account owner’s expectations. (CVE-2012-5571) It was discovered that Keystone did not properly implement…

28 November 2012

USN-1640-1: libssh vulnerabilities

Xi Wang and Florian Weimer discovered that libssh incorrectly handled memory. A remote attacker could use this to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2012-4559, CVE-2012-4560, CVE-2012-4561, CVE-2012-4562)

26 November 2012

USN-1638-2: ubufox update

USN-1638-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Original advisory details: Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety…

21 November 2012

USN-1638-1: Firefox vulnerabilities

Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of…

21 November 2012

USN-1636-1: Thunderbird vulnerabilities

Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute…

21 November 2012

USN-1637-1: Tomcat vulnerabilities

It was discovered that the Apache Tomcat HTTP NIO connector incorrectly handled header data. A remote attacker could cause a denial of service by sending requests with a large amount of header data. (CVE-2012-2733) It was discovered that Apache Tomcat incorrectly handled DIGEST authentication. A remote attacker could possibly use these flaws to…

21 November 2012

USN-1632-2: Django regression

USN-1632-1 fixed a vulnerability in Django. The upstream fix introduced testsuite failures when ADMINS and/or MANAGERS were defined in settings.py. This update fixes the problem. We apologize for the inconvenience. Original advisory details: James Kettle discovered Django did not properly filter the Host HTTP header when processing certain…

20 November 2012

USN-1634-1: Python Keyring vulnerabilities

Dwayne Litzenberger discovered that Python Keyring’s CryptedFileKeyring file format used weak cryptography. A local attacker may use this issue to brute-force CryptedFileKeyring keyring files. This issue only affected Ubuntu 11.10 and Ubuntu 12.04 LTS. (CVE-2012-4571) It was discovered that Python Keyring created keyring files with…

20 November 2012

USN-1632-1: Django vulnerability

James Kettle discovered Django did not properly filter the Host HTTP header when processing certain requests. An attacker could exploit this to generate and display arbitrary URLs to users.

15 November 2012

USN-1631-1: LibTIFF vulnerabilities

It was discovered that LibTIFF incorrectly handled certain malformed images using the PixarLog compression format. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges….

15 November 2012

USN-1630-1: Libav vulnerabilities

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

12 November 2012

USN-1629-1: libproxy vulnerabilities

Tomas Mraz discovered that libproxy incorrectly handled certain PAC files. A remote attacker could use this issue to cause libproxy to crash, or to possibly execute arbitrary code. (CVE-2012-4504, CVE-2012-4505)

12 November 2012

USN-1628-1: Qt vulnerability

Juliano Rizzo and Thai Duong discovered a flaw in the Transport Layer Security (TLS) protocol when it is used with data compression. If an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This update disables TLS data compression in Qt by default.

8 November 2012

USN-1627-1: Apache HTTP Server vulnerabilities

It was discovered that the mod_negotiation module incorrectly handled certain filenames, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could…

8 November 2012

USN-1626-1: Glance vulnerability

Gabe Westmaas discovered that Glance did not always properly enforce access controls when deleting images. An authenticated user could delete arbitrary images by using the v1 API under certain circumstances.

8 November 2012

USN-1625-1: Icedtea-Web vulnerability

Arthur Gerkis discovered a buffer overflow in the Icedtea-Web plugin. If a user were tricked into opening a malicious website, an attacker could cause the plugin to crash or possibly execute arbitrary code as the user invoking the program.

7 November 2012

USN-1623-1: Mesa vulnerability

It was discovered that Mesa incorrectly handled certain arrays. An attacker could use this issue to cause Mesa to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 November 2012

USN-1622-1: Munin vulnerabilities

It was discovered that the Munin qmailscan plugin incorrectly handled temporary files. A local attacker could use this issue to possibly overwrite arbitrary files. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10, and Ubuntu 12.04 LTS. (CVE-2012-2103) It was discovered that Munin incorrectly handled plugin state file permissions. An…

5 November 2012

USN-1621-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.66 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.28. In addition to security fixes, the updated packages contain bug fixes,…

5 November 2012

USN-1620-2: Thunderbird vulnerabilities

USN-1620-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Please note that Thunderbird is only affected by window.location issues through RSS feeds and extensions that load web content. Original advisory details: Mariusz Mlynski and others discovered several flaws in Firefox that allowed a…

30 October 2012

USN-1620-1: Firefox vulnerabilities

Mariusz Mlynski and others discovered several flaws in Firefox that allowed a remote attacker to conduct cross-site scripting (XSS) attacks. (CVE-2012-4194, CVE-2012-4195) Antoine Delignat-Lavaud discovered a flaw in the way Firefox handled the Location object. If a user were tricked into opening a specially crafted page, a remote attacker could…

26 October 2012

USN-1619-1: OpenJDK vulnerabilities

Several information disclosure vulnerabilities were discovered in the OpenJDK JRE. (CVE-2012-3216, CVE-2012-5069, CVE-2012-5072, CVE-2012-5075, CVE-2012-5077, CVE-2012-5085) Vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. (CVE-2012-4416, CVE-2012-5071) Several vulnerabilities were…

26 October 2012

USN-1618-1: Exim vulnerability

It was discovered that Exim incorrectly handled DKIM DNS decoding. This flaw could allow a remote attacker to execute arbitrary code.

26 October 2012

USN-1617-1: WebKit vulnerabilities

A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

25 October 2012

USN-1615-1: Python 3.2 vulnerabilities

It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944) It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a…

23 October 2012

USN-1614-1: Ruby vulnerabilities

Tyler Hicks and Shugo Maeda discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. USN-1602-1 fixed these vulnerabilities in other Ubuntu releases. This update provides the corresponding updates for Ubuntu 12.10. (CVE-2012-4464,…

23 October 2012

USN-1612-1: libgssglue vulnerability

It was discovered that libgssglue incorrectly handled the GSSAPI_MECH_CONF environment variable when running a privileged binary. A local attacker could exploit this to gain root privileges. (CVE-2011-2709)

15 October 2012

USN-1611-1: Thunderbird vulnerabilities

Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or arbitrary code as the…

12 October 2012

USN-1610-1: Linux kernel vulnerability

Pablo Neira Ayuso discovered a flaw in the credentials of netlink messages. An unprivileged local attacker could exploit this by getting a netlink-based service that relies on netlink credentials to perform privileged actions. (CVE-2012-3520) Mathias Krause discovered an information leak in the Linux kernel’s compat ioctl interface. A local user…

12 October 2012

USN-1608-1: Firefox vulnerabilities

It was discovered that the browser engine used in Firefox contained a memory corruption flaw. If a user were tricked into opening a specially crafted web page, a remote attacker could cause Firefox to crash or potentially execute arbitrary code as the user invoking the program. (CVE-2012-4191) It was discovered that Firefox allowed improper…

11 October 2012

USN-1605-1: Quagga vulnerability

It was discovered that Quagga incorrectly handled certain malformed messages. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service.

11 October 2012

USN-1604-1: MoinMoin vulnerabilities

It was discovered that MoinMoin did not properly sanitize certain input, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data,…

11 October 2012

USN-1603-1: Ruby vulnerabilities

Shugo Maeda and Vit Ondruch discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. (CVE-2012-4466, CVE-2012-4481)

10 October 2012

USN-1602-1: Ruby vulnerabilities

Tyler Hicks and Shugo Maeda discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. (CVE-2012-4464, CVE-2012-4466)

10 October 2012

USN-1601-1: Bind vulnerability

Jake Montgomery discovered that Bind incorrectly handled certain specific combinations of RDATA. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service.

10 October 2012

USN-1600-1: Firefox vulnerabilities

Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Firefox. If a user were tricked into opening a specially crafted web page, a remote attacker could cause Firefox to crash or potentially execute arbitrary code as the user invoking the program. (CVE-2012-3982, CVE-2012-3983,…

9 October 2012

USN-1599-1: Linux kernel (OMAP4) vulnerability

Pablo Neira Ayuso discovered a flaw in the credentials of netlink messages. An unprivileged local attacker could exploit this by getting a netlink-based service that relies on netlink credentials to perform privileged actions. (CVE-2012-3520) Mathias Krause discovered an information leak in the Linux kernel’s compat ioctl interface. A local user…

9 October 2012

USN-1595-1: libxslt vulnerabilities

Chris Evans discovered that libxslt incorrectly handled generate-id XPath functions. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could obtain potentially sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 11.04. (CVE-2011-1202) It was…

4 October 2012

USN-1576-2: DBus regressions

USN-1576-1 fixed vulnerabilities in DBus. The update caused a regression for certain services launched from the activation helper, and caused an unclean shutdown on upgrade. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Sebastian Krahmer discovered that DBus incorrectly handled environment …

4 October 2012

USN-1593-1: devscripts vulnerabilities

Raphael Geissert discovered that the debdiff.pl tool incorrectly handled shell metacharacters. If a user or automated system were tricked into processing a specially crafted filename, a remote attacker could possibly execute arbitrary code. (CVE-2012-0212) Raphael Geissert discovered that the dscverify tool incorrectly escaped arguments to…

2 October 2012

USN-1591-1: xdiagnose update

Alec Warner discovered that xdiagnose improperly handled temporary files in welcome.py when creating user-initiated archive files. While failsafeX does not use the vulnerable code, this update removes this functionality to protect any 3rd party applications which import the vulnerable code. In the default Ubuntu installation, this should be…

2 October 2012

USN-1590-1: QEMU vulnerability

It was discovered that QEMU incorrectly handled certain VT100 escape sequences. A guest user with access to an emulated character device could use this flaw to cause QEMU to crash, or possibly execute arbitrary code on the host.

2 October 2012

USN-1589-1: GNU C Library vulnerabilities

It was discovered that positional arguments to the printf() family of functions were not handled properly in the GNU C Library. An attacker could possibly use this to cause a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406) It was discovered that multiple…

2 October 2012

USN-1588-1: Software Properties vulnerability

It was discovered that the apt-add-repository tool incorrectly validated PPA GPG keys when importing from a keyserver. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered package repository GPG keys.

1 October 2012

USN-1551-2: Thunderbird regressions

USN-1551-1 fixed vulnerabilities in Thunderbird. The new package caused a regression in the message editor and certain performance regressions as well. This update fixes the problems. Original advisory details: Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir…

28 September 2012

USN-1587-1: libxml2 vulnerability

Juri Aedla discovered that libxml2 incorrectly handled certain memory operations. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program.

27 September 2012

USN-1586-1: Emacs vulnerabilities

Hiroshi Oota discovered that Emacs incorrectly handled search paths. If a user were tricked into opening a file with Emacs, a local attacker could execute arbitrary Lisp code with the privileges of the user invoking the program. (CVE-2012-0035) Paul Ling discovered that Emacs incorrectly handled certain eval forms in local-variable sections. If a…

27 September 2012

USN-1585-1: FreeRADIUS vulnerability

Timo Warns discovered that FreeRADIUS incorrectly handled certain long timestamps in client certificates. A remote attacker could exploit this flaw and cause the FreeRADIUS server to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a…

26 September 2012

USN-1584-1: Transmission vulnerability

Justin C. Klein Keane discovered that the Transmission web client incorrectly escaped certain strings. If a user were tricked into opening a specially crafted torrent file, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks.

26 September 2012

USN-1583-1: Ruby vulnerabilities

It was discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. (CVE-2011-1005) John Firebaugh discovered that the RubyGems remote gem fetcher did not properly verify SSL certificates. A remote attacker could exploit this to perform…

26 September 2012

USN-1582-1: RubyGems vulnerabilities

John Firebaugh discovered that the RubyGems remote gem fetcher did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to alter gem files being downloaded for installation. (CVE-2012-2126) John Firebaugh discovered that the RubyGems remote gem fetcher allowed redirection from HTTPS to…

26 September 2012

USN-1580-1: Linux kernel (OMAP4) vulnerabilities

Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to cause a denial of service. (CVE-2012-3412) Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could…

21 September 2012

USN-1579-1: Linux kernel vulnerabilities

Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to cause a denial of service. (CVE-2012-3412) Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could…

21 September 2012

USN-1576-1: DBus vulnerability

Sebastian Krahmer discovered that DBus incorrectly handled environment variables when running with elevated privileges. A local attacker could possibly exploit this flaw with a setuid binary and gain root privileges.

20 September 2012

USN-1571-1: DHCP vulnerability

Glen Eustace discovered that the DHCP server incorrectly handled IPv6 expiration times. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service. This issue only affected Ubuntu 11.04, Ubuntu 11.10 and Ubuntu 12.04 LTS. (CVE-2012-3955) Dan Rosenberg discovered that the DHCP AppArmor profile could be escaped…

18 September 2012

USN-1570-1: GnuPG vulnerability

It was discovered that GnuPG used a short ID when downloading keys from a keyserver, even if a long ID was requested. An attacker could possibly use this to return a different key with a duplicate short key id.

17 September 2012

USN-1569-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain character sequences when applying HTTP response-splitting protection. A remote attacker could create a specially-crafted URL and inject arbitrary headers. (CVE-2011-1398, CVE-2012-4388) It was discovered that PHP incorrectly handled directories with a large number of files. This could allow a…

17 September 2012

USN-1566-1: Bind vulnerability

It was discovered that Bind incorrectly handled certain specially crafted long resource records. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service.

13 September 2012

USN-1565-1: OpenStack Horizon vulnerability

Thomas Biege discovered that the Horizon authentication mechanism did not validate the next parameter. An attacker could use this to construct a link to a legitimate OpenStack web dashboard that redirected the user to a malicious website after authentication.

13 September 2012

USN-1564-1: OpenStack Keystone vulnerability

Dolph Mathews discovered that when roles are granted and revoked to users in Keystone, pre-existing tokens were not updated or invalidated to take the new roles into account. An attacker could use this to continue to access resources that have been revoked.

13 September 2012

USN-1548-2: Firefox regression

USN-1548-1 fixed vulnerabilities in Firefox. The new package caused a regression in Private Browsing which could leak sites visited to the browser cache. This update fixes the problem. Original advisory details: Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir…

11 September 2012

USN-1527-2: XML-RPC for C and C++ vulnerabilities

USN-1527-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Both issues described in the original advisory affected XML-RPC for C and C++ in Ubuntu 10.04 LTS, 11.04, 11.10 and 12.04 LTS. Original advisory details: It was discovered that Expat computed hash values without restricting the …

10 September 2012

USN-1561-1: ubiquity-slideshow-ubuntu vulnerability

Paul Mutton discovered that ubiquity-slideshow-ubuntu incorrectly handled the Twitter feed displayed during system installation. A remote attacker could use this flaw to inject code into the Twitter feed and read arbitrary files off the filesystem during system installation. This flaw has been resolved in the Ubuntu 12.04.1 LTS installation images…

10 September 2012

USN-1560-1: Django vulnerabilities

It was discovered that Django incorrectly validated the scheme of a redirect target. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2012-3442) It was discovered that Django incorrectly handled validating certain images. A remote attacker…

10 September 2012

USN-1559-1: GIMP vulnerabilities

Joseph Sheridan discovered that GIMP incorrectly handled certain malformed headers in FIT files. If a user were tricked into opening a specially crafted FIT image file, an attacker could cause GIMP to crash. (CVE-2012-3236) Murray McAllister discovered that GIMP incorrectly handled malformed KiSS palette files. If a user were tricked into opening…

10 September 2012

USN-1553-1: OpenJDK 6 vulnerabilities

It was discovered that the Beans component in OpenJDK 6 did not properly prevent access to restricted classes. A remote attacker could use this to create an untrusted Java applet or application that would bypass Java sandbox restrictions. (CVE-2012-1682) It was discovered that functionality in the AWT component in OpenJDK 6 made it easier for a…

3 September 2012

USN-1552-1: OpenStack Keystone vulnerabilities

Dolph Mathews discovered that OpenStack Keystone did not properly restrict to administrative users the ability to update users’ tenants. A remote attacker that can reach the administrative API can use this to add any user to any tenant. (CVE-2012-3542) Derek Higgins discovered that OpenStack Keystone did not properly implement token expiration. A…

3 September 2012

USN-1551-1: Thunderbird vulnerabilities

Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted E-Mail, an attacker could exploit these to cause a denial of service via…

30 August 2012

USN-1548-1: Firefox vulnerabilities

Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application…

29 August 2012

USN-1546-1: libgc vulnerability

It was discovered that multiple integer overflows existed in the malloc and calloc implementations in the Boehm-Demers-Weiser garbage collecting memory allocator (libgc). These could allow an attacker to cause a denial of service or possibly execute arbitrary code.

28 August 2012

USN-1545-1: Nova vulnerability

Padraig Brady discovered that the fix for CVE-2012-3361 was incomplete and an authenticated user could still corrupt arbitrary files on the host running Nova. A remote attacker could use this to cause a denial of service or possibly gain privileges.

22 August 2012

USN-1544-1: ImageMagick vulnerability

Tom Lane discovered that ImageMagick would not always properly allocate memory. If a user or automated system using ImageMagick were tricked into opening a specially crafted PNG image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

22 August 2012

USN-1540-2: NSS vulnerability

USN-1540-1 fixed vulnerabilities in NSS. This update provides the corresponding updates for Ubuntu 12.04 LTS. Original advisory details: Kaspar Brand discovered a vulnerability in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. If the user were tricked into opening a specially crafted certificate, an attacker…

21 August 2012

USN-1542-1: PostgreSQL vulnerabilities

Peter Eisentraut discovered that the XSLT functionality in the optional XML2 extension would allow unprivileged database users to both read and write data with the privileges of the database server. (CVE-2012-3488) Noah Misch and Tom Lane discovered that the XML functionality in the optional XML2 extension would allow unprivileged database users…

21 August 2012

USN-1543-1: Config-IniFiles vulnerability

It was discovered that the Perl Config::IniFiles module created temporary files in an unsafe manner. A local user with write access to the directory containing a configuration file that Config-IniFiles manipulates could exploit this to overwrite arbitrary files.

20 August 2012

USN-1482-3: ClamAV regression

USN-1482-1 fixed vulnerabilities in ClamAV. The updated package could fail to properly scan files in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ClamAV incorrectly handled certain malformed TAR archives. A remote attacker could create a…

16 August 2012

USN-1541-1: libotr vulnerability

Justin Ferguson discovered multiple heap overflows in libotr. A remote attacker could use this to craft a malformed OTR message that could cause a denial of service via application crash or possibly execute arbitrary code.

16 August 2012

USN-1536-1: LibreOffice vulnerability

It was discovered that LibreOffice incorrectly handled certain encryption tags in Open Document Text (.odt) files. If a user were tricked into opening a specially crafted file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program.

13 August 2012

USN-1529-1: Linux kernel vulnerabilities

A flaw was discovered in the Linux kernel’s macvtap device driver, which is used in KVM (Kernel-based Virtual Machine) to create a network bridge between host and guest. A privileged user in a guest could exploit this flaw to crash the host, if the vhost_net module is loaded with the experimental_zcopytx option enabled. (CVE-2012-2119) An error…

10 August 2012

USN-1514-1: Linux kernel (OMAP4) vulnerabilities

A flaw was discovered in the Linux kernel’s macvtap device driver, which is used in KVM (Kernel-based Virtual Machine) to create a network bridge between host and guest. A privileged user in a guest could exploit this flaw to crash the host, if the vhost_net module is loaded with the experimental_zcopytx option enabled. (CVE-2012-2119) An error…

10 August 2012

USN-1527-1: Expat vulnerabilities

It was discovered that Expat computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876) Tim Boddy discovered that Expat did…

10 August 2012

USN-1525-1: Calligra vulnerability

It was discovered that Calligra incorrectly handled certain malformed MS Word documents. If a user or automated system were tricked into opening a crafted MS Word file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.

9 August 2012

USN-1524-1: WebKit vulnerabilities

A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

8 August 2012

USN-1523-1: NVIDIA graphics drivers vulnerability

It was discovered that the NVIDIA graphics drivers could be reconfigured to gain access to arbitrary system memory. A local attacker could use this issue to gain root privileges.

6 August 2012

USN-1522-1: QEMU vulnerability

It was discovered that QEMU incorrectly handled temporary files when creating a snapshot. A local attacker could use this flaw to possibly overwrite files with root privilege, or obtain sensitive information from the guest.

2 August 2012

USN-1521-1: IcedTea-Web vulnerabilities

Chamal De Silva discovered that the IcedTea-Web Java web browser plugin could dereference an uninitialized pointer. A remote attacker could use this to craft a malicious web page that could cause a denial of service by crashing the web browser or possibly execute arbitrary code. (CVE-2012-3422) Steven Bergom and others discovered that the…

31 July 2012

USN-1520-1: Kerberos vulnerabilities

Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could free an uninitialized pointer when handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2012-1015) Emmanuel Bouillon discovered that the MIT krb5 Key…

31 July 2012

USN-1519-1: DHCP vulnerabilities

Markus Hietava discovered that the DHCP server incorrectly handled certain malformed client identifiers. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service. (CVE-2012-3571) Glen Eustace discovered that the DHCP server incorrectly handled memory. A remote attacker could use this issue to cause DHCP to…

26 July 2012

USN-1518-1: Bind vulnerability

Einar Lonn discovered that Bind incorrectly initialized the failing-query cache. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service.

26 July 2012

USN-1517-1: Mono vulnerabilities

It was discovered that the Mono System.Web library incorrectly filtered certain error messages related to forbidden files. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2012-3382) It was discovered that the Mono System.Web library…

25 July 2012

USN-1516-1: OpenSSL vulnerability

It was discovered that OpenSSL incorrectly handled the SSL_OP_ALL setting. This resulted in TLS 1.1 and TLS 1.2 being inadvertently disabled for certain server and client applications.

25 July 2012

USN-1515-1: Linux kernel vulnerability

An error was discovered in the Linux kernel’s memory subsystem (hugetlb). An unprivileged local user could exploit this flaw to cause a denial of service (crash the system).

23 July 2012

USN-1513-1: libexif vulnerabilities

Mateusz Jurczyk discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly obtain sensitive information. (CVE-2012-2812, CVE-2012-2813) Mateusz Jurczyk…

23 July 2012

USN-1512-1: KDE PIM vulnerability

It was discovered that the KDE PIM HTML renderer incorrectly enabled JavaScript, Java and Plugins. A remote attacker could use this flaw to send an email with embedded JavaScript that possibly executes when opened.

19 July 2012

USN-1511-1: tiff vulnerability

Huzaifa Sidhpurwala discovered that the tiff2pdf utility incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

19 July 2012

USN-1509-2: ubufox update

USN-1509-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Original advisory details: Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting…

18 July 2012

USN-1510-1: Thunderbird vulnerabilities

Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via…

17 July 2012

USN-1509-1: Firefox vulnerabilities

Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application…

17 July 2012

USN-1508-1: Linux kernel (OMAP4) vulnerability

An error was discovered in the Linux kernel’s memory subsystem (hugetlb). An unprivileged local user could exploit this flaw to cause a denial of service (crash the system).

17 July 2012

USN-1505-1: OpenJDK 6 vulnerabilities

It was discovered that multiple flaws existed in the CORBA (Common Object Request Broker Architecture) implementation in OpenJDK. An attacker could create a Java application or applet that used these flaws to bypass Java sandbox restrictions or modify immutable object data. (CVE-2012-1711, CVE-2012-1719) It was discovered that multiple flaws…

13 July 2012

USN-1506-1: Puppet vulnerabilities

It was discovered that Puppet incorrectly handled certain HTTP GET requests. An attacker could use this flaw with a valid client certificate to retrieve arbitrary files from the Puppet master. (CVE-2012-3864) It was discovered that Puppet incorrectly handled Delete requests. If a Puppet master were reconfigured to allow the “Delete” method, an…

12 July 2012

USN-1503-1: Rhythmbox vulnerability

Hans Spaans discovered that the Context plugin in Rhythmbox created a temporary directory in an insecure manner. A local attacker could exploit this to execute arbitrary code as the user invoking the program. The Context plugin is disabled by default in Ubuntu.

11 July 2012

USN-1501-1: Nova vulnerability

Dan Prince discovered that the Nova scheduler, when using DifferentHostFilter or SameHostFilter, would make repeated database instance lookup calls based on passed scheduler hints. An authenticated attacker could use this to cause a denial of service.

11 July 2012

USN-1502-1: X.Org X Server vulnerability

Ken Mixter discovered a format string vulnerability in the LogVHdrMessageVerb function when handling input device names. This could allow a local attacker to cause a denial of service or possibly execute arbitrary code. The default compiler options for the affected release should reduce the vulnerability to a denial of service.

11 July 2012

USN-1500-1: Pidgin vulnerabilities

Evgeny Boger discovered that Pidgin incorrectly handled buddy list messages in the AIM and ICQ protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2011-4601) Thijs Alkemade discovered that Pidgin…

9 July 2012

USN-1498-1: tiff vulnerabilities

It was discovered that the TIFF library incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2012-2088) It was discovered…

5 July 2012

USN-1497-1: Nova vulnerabilities

Matthias Weckbecker discovered that, when using the OpenStack API to set up libvirt-based hypervisors, an authenticated user could inject files in arbitrary locations on the file system of the host running Nova. A remote attacker could use this to gain root privileges. This issue only affects Ubuntu 12.04 LTS. (CVE-2012-3360) Pádraig Brady…

3 July 2012

USN-1494-1: Linux kernel (OMAP4) vulnerability

A flaw was discovered in the Linux kernel’s NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).

2 July 2012

USN-1486-1: Linux kernel vulnerability

A flaw was discovered in the Linux kernel’s NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).

29 June 2012

USN-1484-1: PyCrypto vulnerability

It was discovered that PyCrypto produced inappropriate prime numbers when generating ElGamal keys. An attacker could use this flaw to facilitate brute-forcing of ElGamal encryption keys.

28 June 2012

USN-1485-1: AccountsService vulnerability

Florian Weimer discovered that AccountsService incorrectly handled privileges when copying certain files to the system cache directory. A local attacker could exploit this issue to read arbitrary files, bypassing intended permissions.

28 June 2012

USN-1463-4: Thunderbird vulnerabilities

USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Original advisory details: Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into…

22 June 2012

USN-1463-3: Firefox regressions

USN-1463-1 fixed vulnerabilities in Firefox. The new package caused a regression in the rendering of Hebrew text and the ability of the Hotmail inbox to auto-update. This update fixes the problem. Original advisory details: Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian…

20 June 2012

USN-1482-2: ClamAV regression

USN-1482-1 fixed vulnerabilities in ClamAV. The updated packages could fail to install in certain situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ClamAV incorrectly handled certain malformed TAR archives. A remote attacker could create a specially-crafted TAR…

20 June 2012

USN-1482-1: ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled certain malformed TAR archives. A remote attacker could create a specially-crafted TAR file containing malware that could escape being detected. (CVE-2012-1457, CVE-2012-1459) It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could create a…

19 June 2012

USN-1481-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain Tidy::diagnose operations on invalid objects. A remote attacker could use this flaw to cause PHP to crash, leading to a denial of service. (CVE-2012-0781) It was discovered that PHP incorrectly handled certain multi-file upload filenames. A remote attacker could use this flaw to cause a…

19 June 2012

USN-1480-1: Raptor vulnerability

Timothy D. Morgan discovered that Raptor would unconditionally load XML external entities. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could possibly obtain access to arbitrary files on the user’s system or potentially execute arbitrary code with the privileges of the user…

18 June 2012

USN-1478-1: Libav vulnerabilities

Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly handled certain malformed DV files. If a user were tricked into opening a crafted DV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu…

18 June 2012

USN-1477-1: APT vulnerability

Georgi Guninski discovered that APT did not properly validate imported keyrings via apt-key net-update. USN-1475-1 added additional verification for imported keyrings, but it was insufficient. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects…

15 June 2012

USN-1463-2: Unity 2D update

USN-1463-1 fixed vulnerabilities in Firefox. The Firefox update exposed a bug in Unity 2D which resulted in Firefox being unable to obtain pointer grabs in order to open popup menus. This update fixes the problem.

15 June 2012

USN-1475-1: APT update

Georgi Guninski discovered that APT relied on GnuPG argument order and did not check GPG subkeys when validating imported keyrings via apt-key net-update. While it appears that a man-in-the-middle attacker cannot exploit this, as a hardening measure this update adjusts apt-key to validate all subkeys when checking for key collisions.

15 June 2012

USN-1474-1: Linux kernel (OMAP4) vulnerabilities

A flaw was discovered in the Linux kernel’s KVM (kernel virtual machine). An administrative user in the guest OS could leverage this flaw to cause a denial of service in the host OS. (CVE-2012-2121) Schacher Raindel discovered a flaw in the Linux kernel’s memory handling when hugetlb is enabled. An unprivileged local attacker could exploit…

13 June 2012

USN-1473-1: Linux kernel vulnerabilities

A flaw was discovered in the Linux kernel’s KVM (kernel virtual machine). An administrative user in the guest OS could leverage this flaw to cause a denial of service in the host OS. (CVE-2012-2121) Schacher Raindel discovered a flaw in the Linux kernel’s memory handling when hugetlb is enabled. An unprivileged local attacker could exploit…

13 June 2012

USN-1466-2: Nova regression

USN-1466-1 fixed a vulnerability in Nova. The upstream patch introduced a regression when a security group granted full access and therefore the network protocol was left unset, causing an error in processing. This update fixes the issue. We apologize for the inconvenience. Original advisory details: It was discovered that, when defining…

12 June 2012

USN-1430-4: AppArmor update

USN-1430-1 fixed vulnerabilities in Firefox and USN-1430-3 fixed vulnerabilities in Thunderbird. This update provides an AppArmor package with updated abstractions for use with the latest Firefox and Thunderbird.

12 June 2012

USN-1467-1: MySQL vulnerabilities

It was discovered that certain builds of MySQL incorrectly handled password authentication on certain platforms. A remote attacker could use this issue to authenticate with an arbitrary password and establish a connection. (CVE-2012-2122) MySQL has been updated to 5.5.24 in Ubuntu 12.04 LTS. Ubuntu 10.04 LTS, Ubuntu 11.04 and Ubuntu 11.10 have…

11 June 2012

USN-1466-1: Nova vulnerability

It was discovered that, when defining security groups in Nova using the EC2 or OS APIs, specifying the network protocol (e.g. ‘TCP’) in the incorrect case would cause the security group to not be applied correctly. An attacker could use this to bypass Nova security group restrictions.

6 June 2012

USN-1463-1: Firefox vulnerabilities

Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially…

6 June 2012

USN-1465-2: Ubuntu One storage protocol update

USN-1465-1 fixed a vulnerability in the Ubuntu One Client. This update adds a required fix to the Ubuntu One storage protocol library. Original advisory details: It was discovered that the Ubuntu One Client incorrectly validated server certificates when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle…

6 June 2012

USN-1465-1: Ubuntu One Client vulnerability

It was discovered that the Ubuntu One Client incorrectly validated server certificates when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.

6 June 2012

USN-1462-1: Bind vulnerabilities

Dan Luther discovered that Bind incorrectly handled zero length rdata fields. A remote attacker could use this flaw to cause Bind to crash or behave erratically, resulting in a denial of service. (CVE-2012-1667) It was discovered that Bind incorrectly handled revoked domain names. A remote attacker could use this flaw to cause malicious domain…

5 June 2012

USN-1461-1: PostgreSQL vulnerabilities

It was discovered that PostgreSQL incorrectly handled certain bytes passed to the crypt() function when using DES encryption. An attacker could use this flaw to incorrectly handle authentication. (CVE-2012-2143) It was discovered that PostgreSQL incorrectly handled SECURITY DEFINER and SET attributes on procedural call handlers. An attacker could…

5 June 2012

USN-1443-2: Update Manager vulnerability

USN-1443-1 fixed vulnerabilities in Update Manager. The fix for CVE-2012-0949 was discovered to be incomplete. This update fixes the problem. Original advisory details: Felix Geyer discovered that the Update Manager Apport hook incorrectly uploaded certain system state archive files to Launchpad when reporting bugs. This could possibly result…

4 June 2012

USN-1460-1: Linux kernel (OMAP4) vulnerabilities

A flaw was found in the Linux kernel’s KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. (CVE-2012-1601) Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process….

31 May 2012

USN-1456-1: Nut vulnerability

Sebastian Pohle discovered that Nut did not properly validate its input when receiving data over the network. If upsd was configured to allow connections over the network, a remote attacker could exploit this to cause a denial of service (application crash).

31 May 2012

USN-1451-1: OpenSSL vulnerabilities

Ivan Nestlerode discovered that the Cryptographic Message Syntax (CMS) and PKCS #7 implementations in OpenSSL returned early if RSA decryption failed. This could allow an attacker to expose sensitive information via a Million Message Attack (MMA). (CVE-2012-0884) It was discovered that an integer underflow was possible when using TLS 1.1, TLS…

24 May 2012

USN-1450-1: Net-SNMP vulnerability

It was discovered that Net-SNMP incorrectly performed entry lookups in the extension table. A remote attacker could send a specially crafted request and cause the SNMP server to crash, leading to a denial of service.

23 May 2012

USN-1449-1: feedparser vulnerability

It was discovered that feedparser did not properly sanitize ENTITY declarations in encoded fields. A remote attacker could exploit this to cause a denial of service via memory exhaustion.

22 May 2012

USN-1448-1: Linux kernel vulnerabilities

A flaw was found in the Linux kernel’s KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. (CVE-2012-1601) Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process….

21 May 2012

USN-1447-1: libxml2 vulnerability

Juri Aedla discovered that libxml2 contained an off-by-one error in its XPointer functionality. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program.

21 May 2012

USN-1444-1: BackupPC vulnerability

It was discovered that BackupPC did not properly sanitize its input when processing RestoreFile error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the…

17 May 2012

USN-1443-1: Update Manager vulnerabilities

It was discovered that Update Manager created system state archive files with incorrect permissions when upgrading releases. A local user could possibly use this to read repository credentials. (CVE-2012-0948) Felix Geyer discovered that the Update Manager Apport hook incorrectly uploaded certain system state archive files to Launchpad when…

17 May 2012

USN-1442-1: Sudo vulnerability

It was discovered that sudo incorrectly handled network masks when using Host and Host_List. A local user who is listed in sudoers may be allowed to run commands on unintended hosts when IPv4 network masks are used to grant access. A local attacker could exploit this to bypass intended access restrictions. Host and Host_List are not used in the…

16 May 2012

USN-1441-1: Quagga vulnerabilities

It was discovered that Quagga incorrectly handled Link State Update messages with invalid lengths. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. (CVE-2012-0249, CVE-2012-0250) It was discovered that Quagga incorrectly handled messages with a malformed Four-octet AS Number Capability. A remote…

15 May 2012

USN-1439-1: Horizon vulnerabilities

Matthias Weckbecker discovered a cross-site scripting (XSS) vulnerability in Horizon via the log viewer refresh mechanism. If a user were tricked into viewing a specially crafted log message, a remote attacker could exploit this to modify the contents or steal confidential data within the same domain. (CVE-2012-2094) Thomas Biege discovered a…

7 May 2012

USN-1437-1: PHP vulnerability

It was discovered that PHP, when used as a standalone CGI processor for the Apache Web Server, did not properly parse and filter query strings. This could allow a remote attacker to execute arbitrary code running with the privilege of the web server. Configurations using mod_php5 and FastCGI were not vulnerable. This update addresses the issue…

4 May 2012

USN-1430-3: Thunderbird vulnerabilities

USN-1430-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Original advisory details: Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory safety issues affecting Firefox. If the user…

4 May 2012

USN-1438-1: Nova vulnerability

Dan Prince discovered that Nova did not enforce quotas for security groups and rules added to security groups. An authenticated user could exploit this to cause a denial of service.

3 May 2012

USN-1436-1: Libtasn1 vulnerability

Matthew Hall discovered that Libtasn1 incorrectly handled certain large values. An attacker could exploit this with a specially crafted ASN.1 structure and cause a denial of service, or possibly execute arbitrary code.

2 May 2012

USN-1435-1: ImageMagick vulnerabilities

Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain ResolutionUnit tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the…

1 May 2012

USN-1434-1: Samba vulnerability

Ivano Cristofolini discovered that Samba incorrectly handled some Local Security Authority (LSA) remote procedure calls (RPC). A remote, authenticated attacker could exploit this to grant administrative privileges to arbitrary users. The administrative privileges could be used to bypass permission checks performed by the Samba server.

1 May 2012

USN-1430-1: Firefox vulnerabilities

Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or…

27 April 2012