Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Showing page 1 of 78   Next >
Show: All  

USN-3370-1: Apache HTTP Server vulnerability - 27th July 2017

Robert Święcki discovered that the Apache HTTP Server mod_auth_digest module incorrectly cleared values when processing certain requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial or service, or possibly obtain sensitive information.

CVE-2017-9788

USN-3369-1: FreeRADIUS vulnerabilities - 27th July 2017

Guido Vranken discovered that FreeRADIUS incorrectly handled memory when decoding packets. A remote attacker could use this issue to cause FreeRADIUS to crash or hang, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-10978 CVE-2017-10979 CVE-2017-10980 CVE-2017-10981 CVE-2017-10982 CVE-2017-10983 CVE-2017-10984 CVE-2017-10985 CVE-2017-10986 CVE-2017-10987

USN-3366-1: OpenJDK 8 vulnerabilities - 26th July 2017

It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. (CVE-2017-10053) It was discovered that the JAR verifier in OpenJDK ...

CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10078 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243

USN-3368-1: libiberty vulnerabilities - 26th July 2017

It was discovered that libiberty incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only ...

CVE-2016-2226 CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490 CVE-2016-4491 CVE-2016-4492 CVE-2016-4493 CVE-2016-6131

USN-3367-1: gdb vulnerabilities - 26th July 2017

Hanno Böck discovered that gdb incorrectly handled certain malformed AOUT headers in PE executables. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service, or possibly execute arbitrary ...

CVE-2014-8501 CVE-2014-9939 CVE-2016-2226 CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490 CVE-2016-4491 CVE-2016-4492 CVE-2016-4493 CVE-2016-6131

USN-3364-3: Linux kernel (AWS, GKE) vulnerabilities - 25th July 2017

It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900) It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to ...

CVE-2014-9900 CVE-2015-8944 CVE-2017-1000380 CVE-2017-7346 CVE-2017-9150 CVE-2017-9605

USN-3365-1: Ruby vulnerabilities - 25th July 2017

It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. An attacker could possibly use this issue to open libraries with tainted names. This issue only applied to Ubuntu 14.04 LTS. (CVE-2009-5147) Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby OpenSSL extension incorrectly handled hostname wildcard matching. ...

CVE-2009-5147 CVE-2015-1855 CVE-2015-7551 CVE-2015-9096 CVE-2016-2337 CVE-2016-2339 CVE-2016-7798

USN-3364-2: Linux kernel (Xenial HWE) vulnerabilities - 24th July 2017

USN-3364-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local ...

CVE-2014-9900 CVE-2015-8944 CVE-2017-1000380 CVE-2017-7346 CVE-2017-9150 CVE-2017-9605

USN-3364-1: Linux kernel vulnerabilities - 24th July 2017

It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900) It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to ...

CVE-2014-9900 CVE-2015-8944 CVE-2017-1000380 CVE-2017-7346 CVE-2017-9150 CVE-2017-9605

USN-3357-2: MySQL vulnerabilities - 24th July 2017

USN-3357-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.57 in Ubuntu 12.04 ESM. In addition ...

CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3600 CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3648 CVE-2017-3651 CVE-2017-3652 CVE-2017-3653

USN-3353-4: Samba vulnerability - 24th July 2017

USN-3353-1 fixed a vulnerability in Heimdal. This update provides the corresponding update for Samba. Original advisory details: Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Samba clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks.

CVE-2017-11103

USN-3363-1: ImageMagick vulnerabilities - 24th July 2017

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the ...

CVE-2017-10928 CVE-2017-11141 CVE-2017-11170 CVE-2017-11188 CVE-2017-11352 CVE-2017-11360 CVE-2017-11447 CVE-2017-11448 CVE-2017-11449 CVE-2017-11450 CVE-2017-11478 CVE-2017-9261 CVE-2017-9262 CVE-2017-9405 CVE-2017-9407 CVE-2017-9409 CVE-2017-9439 CVE-2017-9440 CVE-2017-9501

USN-3362-1: X.Org X server vulnerabilities - 24th July 2017

It was discovered that the X.Org X server incorrectly handled endianness conversion of certain X events. An attacker able to connect to an X server, either locally or remotely, could use this issue to crash the server, or possibly execute arbitrary code as an administrator. (CVE-2017-10971) It was discovered that ...

CVE-2017-10971 CVE-2017-10972 CVE-2017-2624

USN-3353-3: Heimdal vulnerability - 24th July 2017

USN-3353-1 fixed a vulnerability in Heimdal. This update provides the corresponding updade for Ubuntu 12.04 ESM. Original advisory details: Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Heimdal clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform ...

CVE-2017-11103

USN-3360-2: Linux kernel (Trusty HWE) vulnerabilities - 21st July 2017

USN-3360-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local ...

CVE-2014-9900 CVE-2015-8944 CVE-2015-8955 CVE-2015-8962 CVE-2015-8963 CVE-2015-8964 CVE-2015-8966 CVE-2015-8967 CVE-2016-10088 CVE-2017-1000380 CVE-2017-7346 CVE-2017-7895 CVE-2017-8924 CVE-2017-8925 CVE-2017-9074 CVE-2017-9605

USN-3361-1: Linux kernel (HWE) vulnerabilities - 21st July 2017

USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please note that this update changes the Linux HWE kernel to the 4.10 based kernel from Ubuntu 17.04, superseding the ...

CVE-2015-1350 CVE-2016-10208 CVE-2016-8405 CVE-2016-8636 CVE-2016-9083 CVE-2016-9084 CVE-2016-9191 CVE-2016-9604 CVE-2016-9755 CVE-2017-2583 CVE-2017-2584 CVE-2017-2596 CVE-2017-2618 CVE-2017-2671 CVE-2017-5546 CVE-2017-5549 CVE-2017-5550 CVE-2017-5551 CVE-2017-5576 CVE-2017-5669 CVE-2017-5897 CVE-2017-5970 CVE-2017-6001 CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6347 CVE-2017-6348 CVE-2017-7187 CVE-2017-7261 CVE-2017-7273 CVE-2017-7472 CVE-2017-7616 CVE-2017-7618 CVE-2017-7645 CVE-2017-7889 CVE-2017-7895 CVE-2017-8924 CVE-2017-8925 CVE-2017-9150

USN-3360-1: Linux kernel vulnerabilities - 21st July 2017

It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900) It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to ...

CVE-2014-9900 CVE-2015-8944 CVE-2015-8955 CVE-2015-8962 CVE-2015-8963 CVE-2015-8964 CVE-2015-8966 CVE-2015-8967 CVE-2016-10088 CVE-2017-1000380 CVE-2017-7346 CVE-2017-7895 CVE-2017-8924 CVE-2017-8925 CVE-2017-9605

USN-3359-1: Linux kernel vulnerabilities - 20th July 2017

It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900) Dmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet discovered that the netfiler subsystem in the Linux kernel mishandled IPv6 packet ...

CVE-2014-9900 CVE-2016-9755 CVE-2017-1000380 CVE-2017-5551 CVE-2017-5576 CVE-2017-7346 CVE-2017-7895 CVE-2017-8924 CVE-2017-8925 CVE-2017-9150 CVE-2017-9605

USN-3358-1: Linux kernel vulnerabilities - 20th July 2017

It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900) Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local attacker ...

CVE-2014-9900 CVE-2017-1000380 CVE-2017-7346 CVE-2017-9605

USN-3357-1: MySQL vulnerabilities - 20th July 2017

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.57 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 17.04 have been updated to MySQL 5.7.19. In addition to security fixes, the updated packages contain ...

CVE-2017-3529 CVE-2017-3633 CVE-2017-3634 CVE-2017-3635 CVE-2017-3636 CVE-2017-3637 CVE-2017-3638 CVE-2017-3639 CVE-2017-3640 CVE-2017-3641 CVE-2017-3642 CVE-2017-3643 CVE-2017-3644 CVE-2017-3645 CVE-2017-3647 CVE-2017-3648 CVE-2017-3649 CVE-2017-3650 CVE-2017-3651 CVE-2017-3652 CVE-2017-3653

USN-3356-2: Expat vulnerability - 19th July 2017

USN-3356-1 fix a vulnerability in Expat. This update provides the corresponding udpate for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Expat incorrectly handled certain external entities. A remote attacker could possibly use this issue to cause Expat to hang, resulting in a denial of service.

CVE-2017-9233

USN-3356-1: Expat vulnerability - 19th July 2017

It was discovered that Expat incorrectly handled certain external entities. A remote attacker could possibly use this issue to cause Expat to hang, resulting in a denial of service.

CVE-2017-9233

USN-3212-3: LibTIFF vulnerabilities - 19th July 2017

USN-3212-1 and USN-3212-2 fixed a vulnerabilitiy in LibTIFF. This update provides a subset of corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker ...

CVE-2015-7554 CVE-2015-8668 CVE-2016-10092 CVE-2016-3623 CVE-2016-3624 CVE-2016-3632 CVE-2016-3990 CVE-2016-3991 CVE-2016-5321 CVE-2016-5322 CVE-2016-8331 CVE-2016-9453 CVE-2016-9533 CVE-2016-9534 CVE-2016-9536 CVE-2016-9537

USN-3355-1: Spice vulnerability - 19th July 2017

Frediano Ziglio discovered that Spice incorrectly handled certain invalid monitor configurations. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-7506

USN-3307-2: OpenLDAP vulnerability - 19th July 2017

USN-3307-1 fixed a vulnerability in OpenLDAP. This update provides the corresponding update for ubuntu 12.04 ESM. Original advisory details: Karsten Heymann discovered that OpenLDAP incorrectly handled certain search requests. A remote attacker could use this issue to cause slapd to crash, resulting in a denial of service.

CVE-2017-9287

USN-3309-2: Libtasn1 vulnerability - 18th July 2017

Jakub Jirasek discovered that GnuTLS incorrectly handled certain assignments files. If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute arbirary code.

CVE-2017-6891

USN-3354-1: Apport vulnerability - 18th July 2017

Felix Wilhelm discovered a path traversal vulnerability in Apport when handling the ExecutablePath field in crash files. An attacker could trick a user into opening a specially crafted crash file and execute arbitrary code with the user's privileges.

CVE-2017-10708

USN-3274-2: ICU vulnerabilities - 18th July 2017

USN-3274-1 fixed a vulnerability in icu. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or ...

CVE-2017-7867 CVE-2017-7868

USN-3347-2: Libgcrypt vulnerability - 17th July 2017

USN-3347-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. ...

CVE-2017-7526

USN-3353-2: Samba vulnerability - 14th July 2017

USN-3353-1 fixed a vulnerability in Heimdal. This update provides the corresponding update for Samba. Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Samba clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network servers or perform other attacks.

CVE-2017-11103

USN-3353-1: Heimdal vulnerability - 14th July 2017

Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Heimdal clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks.

CVE-2017-11103

USN-3352-1: nginx vulnerability - 13th July 2017

It was discovered that an integer overflow existed in the range filter feature of nginx. A remote attacker could use this to expose sensitive information.

CVE-2017-7529

USN-3351-1: Evince vulnerability - 13th July 2017

Felix Wilhelm discovered that Evince did not safely invoke tar when handling tar comic book (cbt) files. An attacker could use this to construct a malicious cbt comic book format file that, when opened in Evince, executes arbitrary code. Please note that this update disables support for cbt files in ...

CVE-2017-1000083

USN-3350-1: poppler vulnerabilities - 7th July 2017

Aleksandar Nikolic discovered that poppler incorrectly handled JPEG 2000 images. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2017-2820) Jiaqi Peng discovered that ...

CVE-2017-2820 CVE-2017-7511 CVE-2017-7515 CVE-2017-9083 CVE-2017-9406 CVE-2017-9408 CVE-2017-9775

USN-3321-1: Thunderbird vulnerabilities - 5th July 2017

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information or execute arbitrary code. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, ...

CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7764 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778

USN-3349-1: NTP vulnerabilities - 5th July 2017

Yihan Lian discovered that NTP incorrectly handled certain large request data values. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-2519) Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when ...

CVE-2016-2519 CVE-2016-7426 CVE-2016-7427 CVE-2016-7428 CVE-2016-7429 CVE-2016-7431 CVE-2016-7433 CVE-2016-7434 CVE-2016-9042 CVE-2016-9310 CVE-2016-9311 CVE-2017-6458 CVE-2017-6460 CVE-2017-6462 CVE-2017-6463 CVE-2017-6464

USN-3348-1: Samba vulnerability - 5th July 2017

It was discovered that Samba incorrectly handled dangling symlinks. A remote attacker could possibly use this issue to cause Samba to hang, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-9461) In addition, this update fixes a regression introduced by ...

CVE-2017-9461

USN-3347-1: Libgcrypt vulnerabilities - 3rd July 2017

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to recover RSA private keys. (CVE-2017-7526) It was discovered that Libgcrypt was ...

CVE-2017-7526 CVE-2017-9526

USN-3346-1: bind9 vulnerabilities - 29th June 2017

Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. (CVE-2017-3143) Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. An attacker could use this to improperly transfer entire ...

CVE-2017-3142 CVE-2017-3143

USN-3323-2: GNU C Library vulnerability - 29th June 2017

USN-3323-1 fixed a vulnerability in the GNU C Library. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that the GNU C library did not properly handle memory when processing environment variables for setuid programs. A local attacker could use this in combination ...

CVE-2017-1000366

USN-3342-2: Linux kernel (HWE) vulnerabilities - 29th June 2017

USN-3342-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. USN-3333-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses ...

CVE-2017-1000363 CVE-2017-5577 CVE-2017-7294 CVE-2017-7374 CVE-2017-8890 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 LP: 1699772 https://www.ubuntu.com/usn/usn-3333-1

USN-3345-1: Linux kernel vulnerabilities - 29th June 2017

USN 3324-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local ...

CVE-2017-1000363 CVE-2017-8890 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9150 CVE-2017-9242 LP: 1699772 https://www.ubuntu.com/usn/usn-3324-1

USN-3343-2: Linux kernel (Trusty HWE) vulnerabilities - 29th June 2017

USN 3343-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. USN 3335-2 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java ...

CVE-2014-9940 CVE-2017-0605 CVE-2017-1000363 CVE-2017-7294 CVE-2017-8890 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 LP: 1699772 https://www.ubuntu.com/usn/usn-3335-2

USN-3338-2: Linux kernel regression - 29th June 2017

USN-3338-1 fixed vulnerabilities in the Linux kernel. However, the fix for CVE-2017-1000364 introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience. Original advisory details: It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough ...

LP: 1699772

USN-3342-1: Linux kernel vulnerabilities - 29th June 2017

USN 3326-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience. It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use ...

CVE-2017-1000363 CVE-2017-5577 CVE-2017-7294 CVE-2017-7374 CVE-2017-8890 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 LP: 1699772 https://www.ubuntu.com/usn/usn-3326-1

USN-3343-1: Linux kernel vulnerabilities - 29th June 2017

USN 3335-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience. It was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux kernel. A local attacker could use ...

CVE-2014-9940 CVE-2017-0605 CVE-2017-1000363 CVE-2017-7294 CVE-2017-8890 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 LP: 1699772 https://www.ubuntu.com/usn/usn-3335-1

USN-3344-1: Linux kernel vulnerabilities - 29th June 2017

USN 3328-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local ...

CVE-2017-1000363 CVE-2017-7487 CVE-2017-8890 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 LP: 1699772 https://www.ubuntu.com/usn/usn-3328-1

USN-3344-2: Linux kernel (Xenial HWE) vulnerabilities - 29th June 2017

USN-3344-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. USN 3334-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. ...

CVE-2017-1000363 CVE-2017-7487 CVE-2017-8890 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 LP: 1699772 https://www.ubuntu.com/usn/usn-3334-1

USN-3341-1: Systemd vulnerability - 27th June 2017

An out-of-bounds write was discovered in systemd-resolved when handling specially crafted DNS responses. A remote attacker could potentially exploit this to cause a denial of service (daemon crash) or execute arbitrary code. (CVE-2017-9445)

CVE-2017-9445 LP: 1695546

USN-3340-1: Apache HTTP Server vulnerabilities - 26th June 2017

Emmanuel Dreyfus discovered that third-party modules using the ap_get_basic_auth_pw() function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new ap_get_basic_auth_components() function for use by third-party modules. (CVE-2017-3167) Vasileios Panopoulos discovered that the Apache mod_ssl module may crash when third-party modules call ap_hook_process_connection() ...

CVE-2017-3167 CVE-2017-3169 CVE-2017-7668 CVE-2017-7679

Showing page 1 of 78   Next >
Show: All