USNs for ubuntu 17.10

USN-3717-1: PolicyKit vulnerabilities

Tavis Ormandy discovered that PolicyKit incorrectly handled certain invalid object paths. A local attacker could possibly use this issue to cause PolicyKit to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3218) It was discovered that PolicyKit incorrectly handled certain duplicate action IDs. A…

16 July 2018

USN-3714-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass CORS restrictions, obtain sensitive information, or execute arbitrary code. (CVE-2018-12359, CVE-2018-12360,…

12 July 2018

USN-3715-1: dns-root-data update

This update adds the latest DNSSEC validation trust anchor required for the upcoming Root Zone KSK Rollover and refreshes the list of root hints.

12 July 2018

USN-3713-1: CUPS vulnerabilities

It was discovered that CUPS incorrectly handled certain print jobs with invalid usernames. A remote attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2017-18248) Dan Bastone discovered that the CUPS dnssd backend…

11 July 2018

USN-3712-1: libpng vulnerabilities

Patrick Keshishian discovered that libpng incorrectly handled certain PNG files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10087) Thuan Pham discovered that libpng incorrectly handled certain PNG files. An attacker could possibly use this to cause a…

11 July 2018

USN-3711-1: ImageMagick vulnerabilities

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

11 July 2018

USN-3710-1: curl vulnerability

Peter Wu discovered that curl incorrectly handled certain SMTP buffers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code.

11 July 2018

USN-3705-2: Firefox regressions

USN-3705-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially…

10 July 2018

USN-3709-1: Xapian-core vulnerability

It was discovered that Xapian-core incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code.

10 July 2018

USN-3707-1: NTP vulnerabilities

Yihan Lian discovered that NTP incorrectly handled certain malformed mode 6 packets. A remote attacker could possibly use this issue to cause ntpd to crash, resulting in a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-7182) Michael Macnair discovered that NTP incorrectly handled certain responses. A…

9 July 2018

USN-3706-1: libjpeg-turbo vulnerabilities

It was discovered that libjpeg-turbo incorrectly handled certain malformed JPEG images. If a user or automated system were tricked into opening a specially crafted JPEG image, a remote attacker could cause libjpeg-turbo to crash, resulting in a denial of service, or possibly execute arbitrary code.

9 July 2018

USN-3705-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, bypass same-origin restrictions, bypass CORS restrictions, bypass CSRF protections, obtain sensitive information, or…

5 July 2018

USN-3704-1: devscripts vulnerability

It was discovered that devscripts incorrectly handled certain YAML files. An attacker could possibly use this to execute arbitrary code.

5 July 2018

USN-3703-1: Archive Zip

It was discovered that the Archive Zip module incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information.

4 July 2018

USN-3701-1: libsoup vulnerability

It was discovered that libsoup incorrectly handled certain cookie requests. An attacker could possibly use this to cause a denial of service.

3 July 2018

USN-3700-1: Exiv2 vulnerabilities

It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. (CVE-2018-10958, CVE-2018-10998) It was discovered that Exiv2 incorrectly handled certain PNG files. An attacker could possibly use this to access sensitive information. (CVE-2018-10999) It was discovered that Exiv2…

3 July 2018

USN-3699-1: zziplib vulnerabilities

It was discovered that zziplib incorrectly handled certain malformed ZIP files. If a user or automated system were tricked into opening a specially crafted ZIP file, a remote attacker could cause zziplib to crash, resulting in a denial of service, or possibly execute arbitrary code.

3 July 2018

USN-3697-1: Linux kernel vulnerabilities

It was discovered that a null pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1130) Jann Horn discovered that the 32 bit adjtimex() syscall implementation for 64 bit Linux kernels did not properly initialize…

2 July 2018

USN-3692-1: OpenSSL vulnerabilities

Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495) Guido Vranken discovered that OpenSSL incorrectly handled very large prime values during a key agreement. A remote attacker could possibly use…

26 June 2018

USN-3690-1: AMD Microcode update

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides the microcode updates for AMD 17H…

20 June 2018

USN-3688-1: Spidermonkey vulnerabilities

Multiple memory safety issues were fixed in Spidermonkey. An attacker could potentially exploit these to cause a denial of service, or execute arbitrary code.

19 June 2018

USN-3689-1: Libgcrypt vulnerability

Keegan Ryan discovered that Libgcrypt was susceptible to a side-channel attack. A local attacker could possibly use this attack to recover ECDSA private keys.

19 June 2018

USN-3687-1: WebKitGTK+ vulnerabilities

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

18 June 2018

USN-3686-1: file vulnerabilities

Alexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9620) Alexander Cherepanov discovered that file incorrectly handled certain long strings. An attacker could use this issue to cause a denial of…

14 June 2018

USN-3685-1: Ruby vulnerabilities

Some of these CVE were already addressed in previous USN: 3439-1, 3553-1, 3528-1. Here we address for the remain releases. It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. (CVE-2017-0898) It was discovered that Ruby incorrectly handled certain files. An attacker could use this…

13 June 2018

USN-3684-1: Perl vulnerability

It was discovered that Perl incorrectly handled certain archive files. An attacker could possibly use this to overwrite arbitrary files.

13 June 2018

USN-3682-1: Firefox vulnerability

A heap buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code.

12 June 2018

USN-3681-1: ImageMagick vulnerabilities

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

12 June 2018

USN-3680-1: libvirt vulnerability and update

Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows libvirt to expose new CPU features added by…

12 June 2018

USN-3679-1: QEMU update

Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows QEMU to expose new CPU features added by AMD…

12 June 2018

USN-3677-1: Linux kernel vulnerabilities

It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1068) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle…

11 June 2018

USN-3675-1: GnuPG vulnerabilities

Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by…

11 June 2018

USN-3673-1: Unbound vulnerability

Ralph Dolmans and Karst Koymans discovered that Unbound did not properly handle certain NSEC records. An attacker could use this to to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick Unbound into accepting a NODATA proof.

7 June 2018

USN-3672-1: Liblouis vulnerabilities

Henri Salo discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-11683, CVE-2018-11684, CVE-2018-11685)

6 June 2018

USN-3671-1: Git vulnerabilities

Etienne Stalmans discovered that git did not properly validate git submodules files. A remote attacker could possibly use this to craft a git repo that causes arbitrary code execution when "git clone –recurse-submodules" is used. (CVE-2018-11235) It was discovered that an integer overflow existed in git’s pathname sanity checking code when used…

5 June 2018

USN-3669-1: Liblouis vulnerabilities

It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11410) It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-11440) It was…

4 June 2018

USN-3668-1: Exempi vulnerabilities

It was discovered that Exempi incorrectly handled certain media files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause Exempi to hang or crash, resulting in a denial of service, or possibly execute arbitrary code.

4 June 2018

USN-3665-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-12616, CVE-2017-12617) It was discovered that Tomcat contained…

30 May 2018

USN-3664-1: Apport vulnerability

Sander Bos discovered that Apport incorrectly handled core dumps when certain files are missing from /proc. A local attacker could possibly use this issue to cause a denial of service, gain root privileges, or escape from containers.

30 May 2018

USN-3662-1: NVIDIA graphics drivers vulnerabilities

It was discovered that the NVIDIA graphics drivers contained flaws in the kernel mode layer. A local attacker could use these issues to cause a denial of service or potentially escalate their privileges on the system.

29 May 2018

USN-3660-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, install lightweight themes without user interaction, or execute arbitrary code. (CVE-2018-5150,…

25 May 2018

USN-3659-1: Spice vulnerability

Frediano Ziglio discovered that Spice incorrectly handled certain client messages. An attacker could possibly use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.

23 May 2018

USN-3658-1: procps-ng vulnerabilities

It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-1122) It was discovered that the procps-ng ps tool incorrectly handled memory. A local user could possibly use this issue to cause a denial of…

23 May 2018

USN-3657-1: Linux kernel (Raspberry Pi 2) vulnerabilities

It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449) Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of…

22 May 2018

USN-3653-1: Linux kernel vulnerabilities

Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) It was discovered that the…

22 May 2018

USN-3651-1: QEMU update

Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows QEMU to expose new CPU features added by…

21 May 2018

USN-3650-1: xdg-utils vulnerability

It was discovered that xdg-utils incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code.

21 May 2018

USN-3645-2: Firefox regression

USN-3645-1 fixed vulnerabilities in Firefox. The update caused an issue where users experienced long UI pauses in some circumsances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted…

18 May 2018

USN-3642-2: DPDK vulnerability

USN-3642-1 fixed a vulnerability in DPDK. This update provides the corresponding update for Ubuntu 17.10. Original advisory details: Maxime Coquelin discovered that DPDK incorrectly handled guest physical ranges. A malicious guest could use this issue to possibly access sensitive information.

16 May 2018

USN-3649-1: QEMU vulnerabilities

Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2017-16845) Cyrille Chatras discovered that QEMU incorrectly handled…

16 May 2018

USN-3648-1: curl vulnerabilities

Dario Weisser discovered that curl incorrectly handled long FTP server command replies. If a user or automated system were tricked into connecting to a malicious FTP server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 17.10 and…

16 May 2018

USN-3647-1: poppler vulnerabilities

It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of service. (CVE-2017-18267) It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2018-10768)

15 May 2018

USN-3646-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibly use this issue to obtain sensitive information from another user’s PHP applications. (CVE-2018-10545) It was discovered that the PHP iconv stream filter incorrect handled certain invalid multibyte sequences. A remote…

14 May 2018

USN-3645-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, install lightweight themes without user interaction,…

11 May 2018

USN-3644-1: OpenJDK 8 vulnerabilities

It was discovered that the Security component of OpenJDK did not correctly perform merging of multiple sections for the same file listed in JAR archive file manifests. An attacker could possibly use this to modify attributes in a manifest without invalidating the signature. (CVE-2018-2790) Francesco Palmarini, Marco Squarcina, Mauro Tempesta, and…

11 May 2018

USN-3643-1: Wget vulnerability

It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values.

9 May 2018

USN-3641-1: Linux kernel vulnerabilities

Nick Peterson discovered that the Linux kernel did not properly handle debug exceptions following a MOV/POP to SS instruction. A local attacker could use this to cause a denial of service (system crash). This issue only affected the amd64 architecture. (CVE-2018-8897) Andy Lutomirski discovered that the KVM subsystem of the Linux kernel did not…

8 May 2018

USN-3640-1: WebKitGTK+ vulnerability

Ivan Fratric discovered that WebKitGTK+ incorrectly handled certain web content. If a user were tricked into viewing a malicious website, a remote attacker could possibly exploit this to execute arbitrary code.

8 May 2018

USN-3639-1: LibRaw vulnerabilities

It was discovered that LibRaw incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-10528) It was discovered that LibRaw incorrectly handled certain files. An attacker could possibly use this to obtain sensitive information. (CVE-2018-10529)

8 May 2018

USN-3638-1: QPDF vulnerabilities

It was discovered that QPDF incorrectly handled certain malformed files. A remote attacker could use this issue to cause QPDF to crash, resulting in a denial of service, or possibly execute arbitrary code.

7 May 2018

USN-3637-1: WavPack vulnerabilities

Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu discovered that WavPack incorrectly handled certain .wav files. An attacker could possibly use this to execute arbitrary code or cause a denial of service. (CVE-2018-10536, CVE-2018-10537) Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu discovered…

30 April 2018

USN-3636-1: Ghostscript vulnerabilities

It was discovered that Ghostscript incorrectly handled certain PostScript files. An attacker could possibly use this to cause a denial of server. (CVE-2016-10317) It was discovered that Ghostscript incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of service. (CVE-2018-10194)

30 April 2018

USN-3635-1: WebKitGTK+ vulnerabilities

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

30 April 2018

USN-3634-1: PackageKit vulnerability

Matthias Gerstner discovered that PackageKit incorrectly handled authentication. A local attacker could possibly use this issue to install arbitrary packages and escalate privileges.

24 April 2018

USN-3630-1: Linux kernel vulnerability

It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash).

23 April 2018

USN-3629-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.60 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, and Ubuntu 17.10 have been updated to MySQL 5.7.22. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly…

23 April 2018

USN-3628-1: OpenSSL vulnerability

Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys.

19 April 2018

USN-3627-1: Apache HTTP Server vulnerabilities

Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server mod_authnz_ldap module incorrectly handled missing charset encoding headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-15710) Elar Lang discovered that the Apache HTTP Server incorrectly…

19 April 2018

USN-3626-1: Ruby vulnerabilities

It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. (CVE-2018-6914) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. (CVE-2018-8778, CVE-2018-8780) It was discovered that Ruby incorrectly…

16 April 2018

USN-3625-1: Perl vulnerabilities

It was discovered that Perl incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause Perl to hang, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8853) It was discovered that Perl incorrectly loaded libraries from the current working directory. A local attacker…

16 April 2018

USN-3624-1: Patch vulnerabilities

It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. (CVE-2016-10713) It was discovered that Patch incorrectly handled certain input validation. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1000156) It was discovered that Patch incorrectly…

10 April 2018

USN-3623-1: ubuntu-release-upgrader vulnerability

It was discovered that ubuntu-release-upgrader did not correctly drop permissions before opening a browser to view the release notes. This update fixes the issue.

9 April 2018

USN-3622-1: Wayland vulnerability

It was discovered that the Wayland Xcursor support incorrectly handled certain files. An attacker could use these issues to cause Wayland to crash, resulting in a denial of service, or possibly execute arbitrary code.

9 April 2018

USN-3621-1: Ruby vulnerabilities

It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. (CVE-2018-1000073) It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1000074) It was discovered that Ruby incorrectly handled…

5 April 2018

USN-3617-3: Linux kernel (Raspberry Pi 2) vulnerabilities

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861) It was discovered that a use-after-free vulnerability existed in the network…

4 April 2018

USN-3618-1: LibVNCServer vulnerability

It was discovered that LibVNCServer incorrectly handled certain packet lengths. A remote attacker able to connect to a LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code.

4 April 2018

USN-3617-1: Linux kernel vulnerabilities

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861) It was discovered that the KVM implementation in the Linux kernel…

3 April 2018

USN-3616-1: Python Crypto vulnerability

It was discovered that Python Crypto incorrectly generated ElGamal key parameters. A remote attacker could possibly use this issue to obtain sensitive information.

3 April 2018

USN-3615-1: LibRaw vulnerabilities

It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code.

3 April 2018

USN-3613-1: OpenJDK 8 vulnerabilities

It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. (CVE-2018-2579) It was discovered that the Hotspot component of OpenJDK did not properly validate uses of the invokeinterface JVM instruction. An attacker could possibly use this to…

2 April 2018

USN-3531-3: intel-microcode update

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715) This update provides the corrected microcode updates…

29 March 2018

USN-3545-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE-2018-5144, CVE-2018-5145, CVE-2018-5146)

29 March 2018

USN-3611-1: OpenSSL vulnerability

It was discovered that OpenSSL incorrectly handled certain ASN.1 types. A remote attacker could possibly use this issue to cause a denial of service.

28 March 2018

USN-3610-1: ICU vulnerability

It was discovered that ICU incorrectly handled certain calendars. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash, leading to a denial of service.

28 March 2018

USN-3609-1: Firefox vulnerability

A use-after-free was discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service or execute arbitrary code.

27 March 2018

USN-3608-1: Zsh vulnerabilities

Richard Maciel Costa discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. (CVE-2018-1071) It was discovered that Zsh incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1083)

27 March 2018

USN-3607-1: Screen Resolution Extra vulnerability

It was discovered that Screen Resolution Extra was using PolicyKit in an unsafe manner. A local attacker could potentially exploit this issue to bypass intended PolicyKit authorizations.

26 March 2018

USN-3606-1: LibTIFF vulnerabilities

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

26 March 2018

USN-3605-1: Sharutils vulnerability

It was discovered that Sharutils incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code.

22 March 2018

USN-3604-1: libvorbis vulnerability

Richard Zhu discovered that libvorbis incorrectly handled certain sound files. An attacker could use this to cause libvorbis to crash, resulting in a denial or service, or possibly execute arbitrary code.

22 March 2018

USN-3603-1: Paramiko vulnerability

Matthijs Kooijman discovered that Paramiko’s SSH server implementation did not properly require authentication before processing requests. An unauthenticated remote attacker could possibly use this to execute arbitrary code.

20 March 2018

USN-3601-1: Memcached vulnerability

It was discovered that Memcached incorrectly handled reusing certain items. A remote attacker could possibly use this issue to cause Memcached to crash, resulting in a denial of service.

19 March 2018

USN-3600-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain stream metadata. A remote attacker could possibly use this issue to set arbitrary metadata. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-10712) It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct…

19 March 2018

USN-3599-1: Firefox vulnerability

An out-of-bounds write was discovered when processing Vorbis audio data. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. (CVE-2018-5146)

16 March 2018

USN-3598-1: curl vulnerabilities

Phan Thanh discovered that curl incorrectly handled certain FTP paths. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2018-1000120) Dario Weisser discovered that curl incorrectly handled certain LDAP URLs. An attacker could possibly use this issue to cause a denial of…

15 March 2018

USN-3597-1: Linux kernel vulnerabilities

USNS 3541-1 and 3523-1 provided mitigations for Spectre and Meltdown (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) for the i386, amd64, and ppc64el architectures in Ubuntu 17.10. This update provides the corresponding mitigations for the arm64 architecture. Original advisory details: Jann Horn discovered that microprocessors utilizing…

15 March 2018

USN-3596-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain sensitive information, confuse the user…

14 March 2018

USN-3595-1: Samba vulnerabilities

Björn Baumbach discovered that Samba incorrectly validated permissions when changing account passwords via LDAP. An authenticated attacker could use this issue to change the password of other users, including administrators, and perform actions as those users. (CVE-2018-1057) It was discovered that Samba incorrectly validated inputs to the RPC…

13 March 2018

USN-3593-1: Zsh vulnerabilities

It was discovered that Zsh incorrectly handled certain enviroment variables. An attacker could possibly use this issue to gain privileged access to the system. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10070) It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code….

8 March 2018

USN-3592-1: ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-0202) Hanno Böck discovered that ClamAV incorrectly handled parsing certain XAR files. A remote attacker could use this issue…

8 March 2018

USN-3579-3: LibreOffice regression

USN-3579-1 fixed a vulnerability in LibreOffice. After upgrading, it was no longer possible for LibreOffice to open documents from certain locations outside of the user’s home directory. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that =WEBSERVICE calls in a document could be…

7 March 2018

USN-3591-1: Django vulnerabilities

James Davis discovered that Django incorrectly handled certain template filters. A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service.

6 March 2018

USN-3590-1: Irssi vulnerabilities

It was discovered that Irssi incorrectly handled certain empty nick names. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-7050) It was discovered that Irssi incorrectly handled certain nick names. An attacker could possibly use this to access sensitive information. (CVE-2018-7051) It was discovered that Irssi…

6 March 2018

USN-3589-1: PostgreSQL vulnerability

It was discovered that PostgreSQL incorrectly handled certain settings. An attacker could possibly use this issue to execute arbitrary code.

6 March 2018

USN-3588-1: Memcached vulnerabilities

Daniel Shapira discovered an integer overflow issue in Memcached. A remote attacker could use this to cause a denial of service (daemon crash). (CVE-2017-9951) It was discovered that Memcached listened to UDP by default. A remote attacker could use this as part of a distributed denial of service attack. (CVE-2018-1000115)

5 March 2018

USN-3587-1: Dovecot vulnerabilities

It was discovered that Dovecot incorrectly handled parsing certain email addresses. A remote attacker could use this issue to cause Dovecot to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2017-14461) It was discovered that Dovecot incorrectly handled TLS SNI config lookups. A remote attacker could…

5 March 2018

USN-3586-1: DHCP vulnerabilities

Konstantin Orekhov discovered that the DHCP server incorrectly handled a large number of concurrent TCP sessions. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2774) It was discovered that the DHCP server incorrectly handled…

1 March 2018

USN-3579-2: LibreOffice regression

USN-3579-1 fixed a vulnerability in LibreOffice. After upgrading, it was no longer possible for LibreOffice to open documents from certain locations outside of the user’s home directory. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that =WEBSERVICE calls in a document could be…

28 February 2018

USN-3584-1: sensible-utils vulnerability

Gabriel Corona discovered that sensible-utils incorrectly validated strings when launcher a browser with the sensible-browser tool. A remote attacker could possibly use this issue with a specially crafted URL to conduct an argument injection attack and execute arbitrary code.

26 February 2018

USN-3581-3: Linux kernel (Raspberry Pi 2) vulnerabilities

Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-17712) ChunYu Wang discovered that a use-after-free vulnerability existed in the SCTP…

23 February 2018

USN-3581-1: Linux kernel vulnerabilities

Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-17712) ChunYu Wang discovered that a use-after-free vulnerability existed in the SCTP…

22 February 2018

USN-3578-1: WavPack vulnerabilities

It was discovered that WavPack incorrectly handled certain DSDIFF files. An attacker could possibly use this to execute arbitrary code or cause a denial of service. (CVE-2018-7253) It was discovered that WavPack incorrectly handled certain CAF files. An attacker could possibly use this to cause a denial of service. (CVE-2018-7254)

22 February 2018

USN-3579-1: LibreOffice vulnerability

It was discovered that =WEBSERVICE calls in a document could be used to read arbitrary files. If a user were tricked in to opening a specially crafted document, a remote attacker could exploit this to obtain sensitive information. (CVE-2018-6871)

21 February 2018

USN-3576-1: libvirt vulnerabilities

Vivian Zhang and Christoph Anton Mitterer discovered that libvirt incorrectly disabled password authentication when the VNC password was set to an empty string. A remote attacker could possibly use this issue to bypass authentication, contrary to expectations. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5008) Daniel…

20 February 2018

USN-3575-1: QEMU vulnerabilities

It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-11334) David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged…

20 February 2018

USN-3573-1: Quagga vulnerabilities

It was discovered that a double-free vulnerability existed in the Quagga BGP daemon when processing certain forms of UPDATE message. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2018-5379) It was discovered that the Quagga BGP daemon did not properly bounds check the data sent with a…

16 February 2018

USN-3572-1: FreeType vulnerability

It was discovered that FreeType incorrectly handled certain files. An attacker could possibly use this to cause a denial of service.

14 February 2018

USN-3571-1: Erlang vulnerabilities

It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-1693) It was discovered that Erlang incorrectly checked CBC padding bytes. A remote attacker could possibly use this issue…

14 February 2018

USN-3570-1: AdvanceCOMP vulnerability

Joonun Jang discovered that AdvanceCOMP incorrectly handled certain malformed zip files. If a user or automated system were tricked into processing a specially crafted zip file, a remote attacker could cause AdvanceCOMP to crash, resulting in a denial of service, or possibly execute arbitrary code.

14 February 2018

USN-3569-1: libvorbis vulnerabilities

It was discovered that libvorbis incorrectly handled certain sound files. An attacker could possibly use this to execute arbitrary code. (CVE-2017-14632) It was discovered that libvorbis incorrectly handled certain sound files. An attacker could use this to cause a denial of service. (CVE-2017-14633)

13 February 2018

USN-3544-2: Firefox regressions

USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially…

12 February 2018

USN-3568-1: WavPack vulnerabilities

Hanno Böck discovered that WavPack incorrectly handled certain WV files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10169) Joonun Jang discovered that WavPack incorrectly handled certain RF64 files. An attacker could possibly use this to cause a…

12 February 2018

USN-3565-1: Exim vulnerability

Meh Chang discovered that Exim incorrectly handled memory in certain decoding operations. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code.

12 February 2018

USN-3564-1: PostgreSQL vulnerability

It was discovered that PostgreSQL incorrectly handled certain temp files. An attacker could possibly use this to access sensitive information.

9 February 2018

USN-3563-1: Mailman vulnerability

It was discovered that Mailman incorrectly handled certain web scripts. An attacker could possibly use this to inject arbitrary code.

8 February 2018

USN-3562-1: MiniUPnP vulnerabilities

It was discovered that MiniUPnP incorrectly handled memory. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library.

7 February 2018

USN-3561-1: libvirt update

It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows libvirt to expose new CPU features added…

7 February 2018

USN-3560-1: QEMU update

It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows QEMU to expose new CPU features added by…

7 February 2018

USN-3559-1: Django vulnerabilities

It was discovered that Django incorrectly handled certain requests. An attacker could possibly use this to access sensitive information. (CVE-2017-12794, CVE-2018-6188)

7 February 2018

USN-3557-1: Squid vulnerabilities

Mathias Fischer discovered that Squid incorrectly handled certain long strings in headers. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2569) William Lima discovered that Squid incorrectly handled XML parsing when processing Edge Side…

5 February 2018

USN-3556-1: Dovecot vulnerability

It was discovered that Dovecot incorrectly handled certain authentications. An attacker could possibly use this to cause a denial of service.

1 February 2018

USN-3555-1: w3m vulnerabilities

It was discovered that w3m incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. (CVE-2018-6196, CVE-2018-6197) It was discovered that w3m incorrectly handled temporary files. An attacker could possibly use this to overwrite arbitrary files. (CVE-2018-6198)

1 February 2018

USN-3554-1: curl vulnerabilities

It was discovered that curl incorrectly handled certain data. An attacker could possibly use this to cause a denial of service or even to get access to sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. It was discovered that curl could accidentally leak authentication data. An attacker could possibly use this to get…

31 January 2018

USN-3552-1: Firefox vulnerability

Johann Hofmann discovered that HTML fragments created for chrome-privileged documents were not properly sanitized. An attacker could exploit this to execute arbitrary code. (CVE-2018-5124)

31 January 2018

USN-3553-1: Ruby vulnerabilities

It was discovered that Ruby failed to validate specification names. An attacker could possibly use a maliciously crafted gem to potentially overwrite any file on the filesystem. (CVE-2017-0901) It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability. An attacker could use this to possibly force the RubyGems client to…

31 January 2018

USN-3551-1: WebKitGTK+ vulnerabilities

Multiple security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the user interface, or execute arbitrary code. (CVE-2018-4088, CVE-2018-4096, CVE-2017-7153,…

30 January 2018

USN-3550-1: ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled parsing certain mail messages. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12374, CVE-2017-12375, CVE-2017-12379, CVE-2017-12380) It was discovered that ClamAV incorrectly handled parsing certain…

30 January 2018

USN-3529-1: Thunderbird vulnerabilities

It was discovered that a From address encoded with a null character is cut off in the message header display. An attacker could potentially exploit this to spoof the sender address. (CVE-2017-7829) It was discovered that it is possible to execute JavaScript in RSS feeds in some circumstances. If a user were tricked in to opening a…

29 January 2018

USN-3548-1: Linux kernel vulnerability

Jay Vosburgh discovered a logic error in the x86-64 syscall entry implementation in the Linux kernel, introduced as part of the mitigations for the Spectre vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

26 January 2018

USN-3547-1: Libtasn1 vulnerabilities

It was discovered that Libtasn1 incorrectly handled certain files. If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-10790) It was discovered that Libtasn1 incorrectly handled certain inputs. An attacker…

25 January 2018

USN-3544-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, spoof the origin in audio capture prompts, trick the user in to providing HTTP credentials for another origin, spoof the…

24 January 2018

USN-3546-1: gcab vulnerability

Richard Hughes discovered that gcab incorrectly handled certain malformed cabinet files. If a user or automated system were tricked into opening a specially crafted cabinet file, a remote attacker could use this issue to cause gcab to crash, resulting in a denial of service, or possibly execute arbitrary code.

24 January 2018

USN-3543-1: rsync vulnerabilities

It was discovered that rsync incorrectly handled certain data input. An attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2017-16548) It was discovered that rsync incorrectly parsed certain arguments. An attacker could possibly use this to bypass arguments and execute arbitrary code. (CVE-2018-5764)

23 January 2018

USN-3541-1: Linux kernel vulnerabilities

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 (CVE-2017-5753 only),…

23 January 2018

USN-3538-1: OpenSSH vulnerabilities

Jann Horn discovered that OpenSSH incorrectly loaded PKCS#11 modules from untrusted directories. A remote attacker could possibly use this issue to execute arbitrary PKCS#11 modules. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10009) Jann Horn discovered that OpenSSH incorrectly handled permissions on Unix-domain…

22 January 2018

USN-3537-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.59 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, and Ubuntu 17.10 have been updated to MySQL 5.7.21. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly…

22 January 2018

USN-3531-2: Intel Microcode regression

USN-3531-1 updated Intel microcode to the 20180108 release. Regressions were discovered in the microcode updates which could cause system instability on certain hardware platforms. At the request of Intel, we have reverted to the previous packaged microcode version, the 20170707 release. Original advisory details: It was discovered that…

22 January 2018

USN-3534-1: GNU C Library vulnerabilities

It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd(2) syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges. (CVE-2018-1000001) A memory leak was discovered in the _dl_init_paths() function in…

17 January 2018

USN-3535-1: Bind vulnerability

Jayachandran Palanisamy discovered that the Bind resolver incorrectly handled fetch cleanup sequencing. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.

17 January 2018

USN-3533-1: Transmission vulnerability

It was discovered that Transmission incorrectly handled certain POST requests to the RPC server and allowed DNS rebinding attack. An attacker could possibly use this issue to execute arbitrary code.

16 January 2018

USN-3532-1: GDK-PixBuf vulnerabilities

It was discoreved that GDK-PixBuf incorrectly handled certain gif images. An attacker could use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-1000422) Ariel Zelivansky discovered that GDK-PixBuf incorrectly handled certain images. An attacker could use this to cause a denial of…

15 January 2018

USN-3531-1: Intel Microcode update

It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715) This update provides the microcode updates required for…

11 January 2018

USN-3530-1: WebKitGTK+ vulnerabilities

It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from…

11 January 2018

USN-3528-1: Ruby vulnerabilities

It was discovered that Ruby incorrectly handled certain terminal emulator escape sequences. An attacker could use this to execute arbitrary code via a crafted user name. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-10784) It was discovered that Ruby incorrectly handled certain strings. An attacker could use this to cause…

10 January 2018

USN-3527-1: Irssi vulnerabilities

Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2018-5205) Joseph Bisch discovered that Irssi incorrectly handled settings the…

10 January 2018

USN-3523-3: Linux kernel (Raspberry Pi 2) vulnerabilities

Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel did not properly check the relationship between pointer values and the BPF stack. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17863) Jann Horn discovered that the Berkeley…

10 January 2018

USN-3523-1: Linux kernel vulnerabilities

Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754) Jann Horn discovered that the Berkeley…

9 January 2018

USN-3521-1: NVIDIA graphics drivers vulnerability

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations to address the issue, along…

9 January 2018

USN-3520-1: PySAML2 vulnerability

It was discovered that PySAML2 incorrectly accepted any password when run with python optimizations enabled. An attacker could use this issue to authenticate as any user without a valid password.

8 January 2018

USN-3518-1: AWStats vulnerability

It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code.

8 January 2018

USN-3517-1: poppler vulnerabilities

It was discovered that poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could execute arbitrary. (CVE-2017-1000456) It was discovered that poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an…

8 January 2018

USN-3516-1: Firefox vulnerabilities

It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from…

5 January 2018

USN-3515-1: Ruby vulnerability

It was discovered that Ruby allows FTP command injection. An attacker could use this to cause arbitrary command execution.

4 January 2018

USN-3480-3: Apport regression

USN-3480-2 fixed regressions in Apport. The update introduced a new regression in the container support. This update addresses the problem. We apologize for the inconvenience. Original advisory details: Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a…

3 January 2018

USN-3514-1: WebKitGTK+ vulnerabilities

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

3 January 2018

USN-3477-4: Firefox regression

USN-3477-1 fixed vulnerabilities in Firefox. The update introduced a crash reporting issue where background tab crash reports were sent to Mozilla without user opt-in. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to…

3 January 2018

USN-3513-1: libxml2 vulnerability

It was discovered that libxml2 incorrecty handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service.

13 December 2017

USN-3512-1: OpenSSL vulnerabilities

David Benjamin discovered that OpenSSL did not correctly prevent buggy applications that ignore handshake errors from subsequently calling certain functions. (CVE-2017-3737) It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery multiplication procedure. While unlikely, a remote attacker could possibly use this issue to…

11 December 2017

USN-3507-1: Linux kernel vulnerabilities

Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16939) It was discovered that the Linux kernel did not properly handle copy-on- write of transparent…

7 December 2017

USN-3506-1: rsync vulnerabilities

It was discovered that rsync proceeds with certain file metadata updates before checking for a filename. An attacker could use this to bypass access restrictions. (CVE-2017-17433) It was discovered that rsync does not check for fnamecmp filenames and also does not apply the sanitize_paths protection mechanism to pathnames. An attacker could use…

7 December 2017

USN-3505-1: Linux firmware vulnerabilities

Mathy Vanhoef discovered that the firmware for several Intel WLAN devices incorrectly handled WPA2 in relation to Wake on WLAN. A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information. (CVE-2017-13080, CVE-2017-13081)

6 December 2017

USN-3504-1: libxml2 vulnerability

Wei Lei discovered that libxml2 incorrecty handled certain parameter entities. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service.

5 December 2017

USN-3477-3: Firefox regressions

USN-3477-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially…

1 December 2017

USN-3490-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing-like context, an attacker could potentially exploit these to bypass same-origin restrictions, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7826, CVE-2017-7828,…

1 December 2017

USN-3501-1: libxcursor vulnerability

It was discovered that libxcursor incorrectly handled certain files. An attacker could use these issues to cause libxcursor to crash, resulting in a denial of service, or possibly execute arbitrary code.

29 November 2017

USN-3500-1: libXfont vulnerability

It was discovered that libXfont incorrectly followed symlinks when opening font files. A local unprivileged user could use this issue to cause the X server to access arbitrary files, including special device files.

29 November 2017

USN-3499-1: Exim vulnerability

It was discovered that Exim incorrectly handled certain BDAT data headers. A remote attacker could possibly use this issue to cause Exim to crash, resulting in a denial of service.

29 November 2017

USN-3498-1: curl vulnerabilities

Alex Nichols discovered that curl incorrectly handled NTLM authentication credentials. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10. (CVE-2017-8816) It was discovered that curl…

29 November 2017

USN-3477-2: Firefox regression

USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search bar. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a…

27 November 2017

USN-3495-1: OptiPNG vulnerability

It was discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service, or possibly execute arbitrary code.

27 November 2017

USN-3494-1: XML::LibXML vulnerability

It was discovered that XML::LibXML incorrectly handled memory when processing a replaceChild call. A remote attacker could possibly use this issue to execute arbitrary code.

27 November 2017

USN-3493-1: Exim vulnerability

It was discovered that Exim incorrectly handled memory in the ESMTP CHUNKING extension. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service.

27 November 2017

USN-3492-1: LibRaw vulnerabilities

It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code

22 November 2017

USN-3491-1: ldns vulnerabilities

Leon Weber discovered that the ldns-keygen tool incorrectly set permissions on private keys. A local attacker could possibly use this issue to obtain generated private keys. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-3209) Stephan Zeisberg discovered that ldns incorrectly handled memory when processing data. A remote attacker could…

22 November 2017

USN-3487-1: Linux kernel vulnerabilities

It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2017-12188) It was discovered that on the PowerPC architecture, the…

21 November 2017

USN-3486-1: Samba vulnerabilities

Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory when processing certain SMB1 requests. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2017-14746) Volker Lendecke discovered that Samba incorrectly cleared memory when returning data to a client. A remote attacker could possibly use this…

21 November 2017

USN-3480-2: Apport regressions

USN-3480-1 fixed vulnerabilities in Apport. The fix for CVE-2017-14177 introduced a regression in the ability to handle crashes for users that configured their systems to use the Upstart init system in Ubuntu 16.04 LTS and Ubuntu 17.04. The fix for CVE-2017-14180 temporarily disabled crash forwarding to containers. This update addresses the…

20 November 2017

USN-3483-1: procmail vulnerability

Jakub Wilk discovered that the formail tool incorrectly handled certain malformed mail messages. An attacker could use this flaw to cause formail to crash, resulting in a denial of service, or possibly execute arbitrary code.

20 November 2017

USN-3477-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof…

16 November 2017

USN-3481-1: WebKitGTK+ vulnerabilities

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

16 November 2017

USN-3480-1: Apport vulnerabilities

Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. (CVE-2017-14177) Sander Bos discovered that Apport incorrectly handled core dumps for processes in a different PID namespace. A local…

15 November 2017

USN-3479-1: PostgreSQL vulnerabilities

David Rowley discovered that PostgreSQL incorrectly handled memory when processing certain JSON functions. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2017-15098) Dean Rasheed discovered that PostgreSQL incorrectly enforced SELECT privileges when processing INSERT … ON CONFLICT DO UPDATE commands….

14 November 2017

USN-3476-1: postgresql-common vulnerabilities

Dawid Golunski discovered that the postgresql-common pg_ctlcluster script incorrectly handled symlinks. A local attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-1255) It was discovered that the postgresql-common helper scripts incorrectly handled symlinks. A…

9 November 2017

USN-3473-1: OpenJDK 8 vulnerabilities

It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. (CVE-2017-10274) Gaston Traberg discovered that the Serialization component of OpenJDK did not…

8 November 2017

USN-3475-1: OpenSSL vulnerabilities

It was discovered that OpenSSL incorrectly parsed the IPAddressFamily extension in X.509 certificates, resulting in an erroneous display of the certificate in text format. (CVE-2017-3735) It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While unlikely, a remote attacker could possibly use this issue…

6 November 2017

USN-3471-1: Quagga vulnerabilities

Andreas Jaggi discovered that Quagga incorrectly handled certain BGP UPDATE messages. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service. (CVE-2017-16227) Quentin Young discovered that Quagga incorrectly handled memory in the telnet vty CLI. An attacker able to connect to the telnet…

31 October 2017

USN-3467-1: poppler vulnerability

It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service.

30 October 2017

USN-3466-1: systemd vulnerability

Karim Hossen & Thomas Imbert and Nelson William Gamazo Sanchez independently discovered that systemd-resolved incorrectly handled certain DNS responses. A remote attacker could possibly use this issue to cause systemd to temporarily stop responding, resulting in a denial of service.

26 October 2017

USN-3465-1: Irssi vulnerabilities

Brian Carpenter discovered that Irssi incorrectly handled messages with invalid time stamps. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-10965) Brian Carpenter discovered that Irssi incorrectly handled the internal nick list. A malicious IRC server could use this issue to cause…

26 October 2017

USN-3464-1: Wget vulnerabilities

Antti Levomäki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-13089, CVE-2017-13090) Dawid Golunski discovered that Wget incorrectly handled recursive…

26 October 2017

USN-3458-1: ICU vulnerability

It was discovered that ICU incorrectly handled certain inputs. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.

23 October 2017

USN-3459-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.58 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10 have been updated to MySQL 5.7.20. In addition to security fixes, the updated packages contain bug fixes, new features,…

23 October 2017

USN-3457-1: curl vulnerability

Brian Carpenter discovered that curl incorrectly handled IMAP FETCH response lines. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code.

23 October 2017