Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Showing page 1 of 80

USN-3428-1: Emacs vulnerability - 21st September 2017

Charles A. Roelli discovered that Emacs incorrectly handled certain files. If a user were tricked into opening a specially crafted file (e.g., email messages in gnus), an attacker could possibly use this to execute arbitrary code.

CVE-2017-14482

USN-3427-1: Emacs vulnerability - 21st September 2017

Charles A. Roelli discovered that Emacs incorrectly handled certain files. If a user were tricked into opening a specially crafted file (e.g., email messages in gnus), an attacker could possibly use this to execute arbitrary code.

CVE-2017-14482

USN-3426-1: Samba vulnerabilities - 21st September 2017

Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in certain situations. A remote attacker could use this issue to perform a man-in-the-middle attack. (CVE-2017-12150) Stefan Metzmacher discovered that Samba incorrectly handled encryption across DFS redirects. A remote attacker could use this issue to perform a man ...

CVE-2017-12150 CVE-2017-12151 CVE-2017-12163

USN-3414-2: QEMU regression - 20th September 2017

USN-3414-1 fixed vulnerabilities in QEMU. The patch backport for CVE-2017-9375 was incomplete and caused a regression in the USB xHCI controller emulation support. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could ...

LP: 1718222

USN-3425-1: Apache HTTP Server vulnerability - 19th September 2017

Hanno Böck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed.

CVE-2017-9798

USN-3424-1: libxml2 vulnerabilities - 18th September 2017

It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-0663) It was discovered that libxml2 did not properly validate parsed entity references. An attacker could use ...

CVE-2017-0663 CVE-2017-7375 CVE-2017-7376 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050

USN-3423-1: Linux kernel vulnerability - 18th September 2017

It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash).

CVE-2017-1000251

USN-3422-2: Linux kernel (Trusty HWE) vulnerabilities - 18th September 2017

USN-3422-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling ...

CVE-2016-10044 CVE-2016-10200 CVE-2016-7097 CVE-2016-8650 CVE-2016-9083 CVE-2016-9084 CVE-2016-9178 CVE-2016-9191 CVE-2016-9604 CVE-2016-9754 CVE-2017-1000251 CVE-2017-5970 CVE-2017-6214 CVE-2017-6346 CVE-2017-6951 CVE-2017-7187 CVE-2017-7472 CVE-2017-7541

USN-3420-2: Linux kernel (Xenial HWE) vulnerabilities - 18th September 2017

USN-3420-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling ...

CVE-2017-1000251 CVE-2017-10663 CVE-2017-12762 CVE-2017-8831

USN-3419-2: Linux kernel (HWE) vulnerabilities - 18th September 2017

USN-3419-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration ...

CVE-2017-1000251 CVE-2017-7541

USN-3419-1: Linux kernel vulnerabilities - 18th September 2017

It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-1000251) It was discovered that a buffer overflow existed in the Broadcom FullMAC WLAN ...

CVE-2017-1000251 CVE-2017-7541

USN-3420-1: Linux kernel vulnerabilities - 18th September 2017

It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-1000251) It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux ...

CVE-2017-1000251 CVE-2017-10663 CVE-2017-12762 CVE-2017-8831

USN-3421-1: Libidn2 vulnerability - 18th September 2017

It was discovered that Libidn2 incorrectly handled certain input. A remote attacker could possibly use this issue to cause Libidn2 to crash, resulting in a denial of service.

CVE-2017-14062

USN-3422-1: Linux kernel vulnerabilities - 18th September 2017

It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-1000251) It was discovered that the asynchronous I/O (aio) subsystem of the Linux kernel ...

CVE-2016-10044 CVE-2016-10200 CVE-2016-7097 CVE-2016-8650 CVE-2016-9083 CVE-2016-9084 CVE-2016-9178 CVE-2016-9191 CVE-2016-9604 CVE-2016-9754 CVE-2017-1000251 CVE-2017-5970 CVE-2017-6214 CVE-2017-6346 CVE-2017-6951 CVE-2017-7187 CVE-2017-7472 CVE-2017-7541

USN-3346-2: Bind regression - 18th September 2017

USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem. In addition, this update adds the new root zone key signing ...

LP: 1717981

USN-3418-1: GDK-PixBuf vulnerabilities - 18th September 2017

It was discovered that the GDK-PixBuf library did not properly handle certain jpeg images. If a user or automated system were tricked into opening a specially crafted jpeg file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute ...

CVE-2017-2862 CVE-2017-2870 CVE-2017-6311

USN-3416-1: Thunderbird vulnerabilities - 14th September 2017

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to bypass same-origin restrictions, bypass CSP restrictions, obtain sensitive information, spoof the origin of modal alerts, cause a denial of service ...

CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7807 CVE-2017-7809

USN-3417-1: Libgcrypt vulnerability - 14th September 2017

Daniel Genkin, Luke Valenta, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to recover Curve25519 private keys.

CVE-2017-0379

USN-3415-2: tcpdump vulnerabilities - 13th September 2017

USN-3415-1 fixed vulnerabilities in tcpdump for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 17.04. This update provides the corresponding tcpdump update for Ubuntu 12.04 ESM. Original advisory details: Wilfried Kirsch discovered a buffer overflow in the SLIP decoder in tcpdump. A remote attacker could use this to cause a ...

CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725

USN-3415-1: tcpdump vulnerabilities - 13th September 2017

Wilfried Kirsch discovered a buffer overflow in the SLIP decoder in tcpdump. A remote attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2017-11543) Bhargava Shastry discovered a buffer overflow in the bitfield converter utility function bittok2str_internal() in tcpdump. A remote attacker ...

CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725

USN-3414-1: QEMU vulnerabilities - 13th September 2017

Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. (CVE-2017-7493) Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources ...

CVE-2017-10664 CVE-2017-10806 CVE-2017-10911 CVE-2017-11434 CVE-2017-12809 CVE-2017-7493 CVE-2017-8112 CVE-2017-8380 CVE-2017-9060 CVE-2017-9310 CVE-2017-9330 CVE-2017-9373 CVE-2017-9374 CVE-2017-9375 CVE-2017-9503 CVE-2017-9524

USN-3413-1: BlueZ vulnerability - 12th September 2017

It was discovered that an information disclosure vulnerability existed in the Service Discovery Protocol (SDP) implementation in BlueZ. A physically proximate unauthenticated attacker could use this to disclose sensitive information. (CVE-2017-1000250)

CVE-2017-1000250

USN-3412-1: file vulnerability - 7th September 2017

Thomas Jarosch discovered that file incorrectly handled certain ELF files. An attacker could use this to cause file to crash, resulting in a denial of service.

CVE-2017-1000249

USN-3411-1: Bazaar vulnerability - 5th September 2017

Adam Collard discovered that Bazaar did not properly handle host names in 'bzr+ssh://' URLs. A remote attacker could use this to construct a bazaar repository URL that when accessed could run arbitrary code with the privileges of the user.

LP: 1710979

USN-3410-2: GD library vulnerability - 5th September 2017

USN-3410-1 fixed a vulnerability in GD Graphics Library. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that the GD Graphics Library (aka libgd) incorrectly handled certain malformed PNG images. A remote attacker could use this issue to cause the GD Graphics Library ...

CVE-2017-6362

USN-3410-1: GD library vulnerability - 5th September 2017

It was discovered that the GD Graphics Library (aka libgd) incorrectly handled certain malformed PNG images. A remote attacker could use this issue to cause the GD Graphics Library to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-6362

USN-3409-1: FontForge vulnerabilities - 4th September 2017

It was discovered that FontForge was vulnerable to a heap-based buffer over-read. A remote attacker could use a crafted file to cause a denial of service or execute arbitrary code. (CVE-2017-11568, CVE-2017-11569, CVE-2017-11572) It was discovered that FontForge was vulnerable to a stack-based buffer overflow. A remote attacker could use a crafted file to ...

CVE-2017-11568 CVE-2017-11569 CVE-2017-11571 CVE-2017-11572 CVE-2017-11574 CVE-2017-11575 CVE-2017-11576 CVE-2017-11577

USN-3408-1: Liblouis vulnerabilities - 4th September 2017

It was discovered that an illegal address access can be made in Liblouis. A remote attacker can take advantage of this to access sensitive information. (CVE-2017-13738, CVE-2017-13744) It was discovered that a heap-based buffer overflow in Liblouis causes an out-of-bounds write. A remote attacker can use this to denial of ...

CVE-2017-13738 CVE-2017-13739 CVE-2017-13740 CVE-2017-13742 CVE-2017-13744

USN-3407-1: PyJWT vulnerability - 30th August 2017

It was discovered that PyJWT did not properly check invalid_strings for some public keys. A remote attacker could take advantage of a key confusion to craft JWTs from scratch.

CVE-2017-11424

USN-3406-2: Linux kernel (Trusty HWE) vulnerabilities - 29th August 2017

USN-3406-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that an out of bounds read vulnerability existed in the associative array implementation in the ...

CVE-2016-7914 CVE-2017-7261 CVE-2017-7273 CVE-2017-7487 CVE-2017-7495 CVE-2017-7616

USN-3405-2: Linux kernel (Xenial HWE) vulnerabilities - 28th August 2017

USN-3405-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. ...

CVE-2015-7837 CVE-2017-11176 CVE-2017-7495 CVE-2017-7541

USN-3404-2: Linux kernel (HWE) vulnerability - 28th August 2017

USN-3404-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this ...

CVE-2017-7487

USN-3406-1: Linux kernel vulnerabilities - 28th August 2017

It was discovered that an out of bounds read vulnerability existed in the associative array implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-7914) It was discovered that a NULL pointer dereference existed in the ...

CVE-2016-7914 CVE-2017-7261 CVE-2017-7273 CVE-2017-7487 CVE-2017-7495 CVE-2017-7616

USN-3405-1: Linux kernel vulnerabilities - 28th August 2017

It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11176) Huang Weller discovered that the ext4 filesystem implementation in the Linux kernel ...

CVE-2015-7837 CVE-2017-11176 CVE-2017-7495 CVE-2017-7541

USN-3404-1: Linux kernel vulnerability - 28th August 2017

A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems.

CVE-2017-7487

USN-3403-1: Ghostscript vulnerabilities - 28th August 2017

Kamil Frankowicz discovered that Ghostscript mishandles references. A remote attacker could use this to cause a denial of service. (CVE-2017-11714) Kim Gwan Yeong discovered that Ghostscript could allow a heap-based buffer over-read and application crash. A remote attacker could use a crafted document to cause a denial of service. (CVE-2017-9611, ...

CVE-2017-11714 CVE-2017-9611 CVE-2017-9612 CVE-2017-9726 CVE-2017-9727 CVE-2017-9739 CVE-2017-9835

USN-3199-3: Python Crypto vulnerability - 28th August 2017

USN-3199-1 fixed a vulnerability in Python Crypto. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that the ALGnew function in block_templace.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability. A remote attacker could use this flaw to execute arbitrary ...

CVE-2013-7459

USN-3402-1: PySAML2 vulnerability - 24th August 2017

It was discovered that PySAML2 incorrectly handled certain SAML XML requests and responses. A remote attacker could use this issue to read arbitrary files.

CVE-2016-10149

USN-3401-1: TeX Live vulnerability - 22nd August 2017

It was discovered that TeX Live incorrectly handled certain system commands. If a user were tricked into processing a specially crafted TeX file, a remote attacker could execute arbitrary code.

CVE-2016-10243

USN-3400-1: Augeas vulnerability - 21st August 2017

It was discovered that Augeas incorrectly handled certain strings. An attacker could use this issue to cause Augeas to crash, leading to a denial of service, or possibly execute arbitrary code.

CVE-2017-7555

USN-3399-1: cvs vulnerability - 21st August 2017

Hank Leininger discovered that cvs did not properly handle SSH for remote repositories. A remote attacker could use this to construct a cvs repository that when accessed could run arbitrary code with the privileges of the user.

CVE-2017-12836

USN-3398-1: graphite2 vulnerabilities - 21st August 2017

Holger Fuhrmannek and Tyson Smith discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially-crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778

USN-3397-1: strongSwan vulnerability - 21st August 2017

It was discovered that strongSwan incorrectly handled verifying specific RSA signatures. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service.

CVE-2017-11185

USN-3396-1: OpenJDK 7 vulnerabilities - 18th August 2017

It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. (CVE-2017-10053) It was discovered that the JAR verifier in OpenJDK ...

CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10135 CVE-2017-10176 CVE-2017-10243

USN-3391-3: Firefox regression - 17th August 2017

USN-3391-1 fixed vulnerabilities in Firefox. The update introduced a performance regression with WebExtensions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit ...

LP: 1710987

USN-3393-2: ClamAV vulnerabilities - 17th August 2017

USN-3393-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2017-6418) ...

CVE-2017-6418 CVE-2017-6419 CVE-2017-6420

USN-3395-1: c-ares vulnerability - 17th August 2017

It was discovered that c-ares incorrectly handled certain NAPTR responses. A remote attacker could possibly use this issue to cause applications using c-ares to crash, resulting in a denial of service.

CVE-2017-1000381

USN-3394-1: libmspack vulnerabilities - 17th August 2017

It was discovered that libmspack incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-6419) It was discovered that libmspack incorrectly handled certain malformed CAB files. A remote attacker could ...

CVE-2017-11423 CVE-2017-6419

USN-3393-1: ClamAV vulnerabilities - 17th August 2017

It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2017-6418) It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could use this issue to ...

CVE-2017-6418 CVE-2017-6419 CVE-2017-6420

USN-3391-2: Ubufox update - 16th August 2017

USN-3391-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, bypass sandbox restrictions, ...

LP: 1711137
