Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Showing page 1 of 20   Next >
Show: All  

USN-3414-2: QEMU regression - 20th September 2017

USN-3414-1 fixed vulnerabilities in QEMU. The patch backport for CVE-2017-9375 was incomplete and caused a regression in the USB xHCI controller emulation support. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could ...

LP: 1718222

USN-3425-1: Apache HTTP Server vulnerability - 19th September 2017

Hanno Böck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed.

CVE-2017-9798

USN-3424-1: libxml2 vulnerabilities - 18th September 2017

It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-0663) It was discovered that libxml2 did not properly validate parsed entity references. An attacker could use ...

CVE-2017-0663 CVE-2017-7375 CVE-2017-7376 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050

USN-3420-2: Linux kernel (Xenial HWE) vulnerabilities - 18th September 2017

USN-3420-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling ...

CVE-2017-1000251 CVE-2017-10663 CVE-2017-12762 CVE-2017-8831

USN-3422-1: Linux kernel vulnerabilities - 18th September 2017

It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-1000251) It was discovered that the asynchronous I/O (aio) subsystem of the Linux kernel ...

CVE-2016-10044 CVE-2016-10200 CVE-2016-7097 CVE-2016-8650 CVE-2016-9083 CVE-2016-9084 CVE-2016-9178 CVE-2016-9191 CVE-2016-9604 CVE-2016-9754 CVE-2017-1000251 CVE-2017-5970 CVE-2017-6214 CVE-2017-6346 CVE-2017-6951 CVE-2017-7187 CVE-2017-7472 CVE-2017-7541

USN-3346-2: Bind regression - 18th September 2017

USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem. In addition, this update adds the new root zone key signing ...

LP: 1717981

USN-3418-1: GDK-PixBuf vulnerabilities - 18th September 2017

It was discovered that the GDK-PixBuf library did not properly handle certain jpeg images. If an user or automated system were tricked into opening a specially crafted jpeg file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute ...

CVE-2017-2862 CVE-2017-2870 CVE-2017-6311

USN-3416-1: Thunderbird vulnerabilities - 14th September 2017

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to bypass same-origin restrictions, bypass CSP restrictions, obtain sensitive information, spoof the origin of modal alerts, cause a denial of service ...

CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7807 CVE-2017-7809

USN-3415-1: tcpdump vulnerabilities - 13th September 2017

Wilfried Kirsch discovered a buffer overflow in the SLIP decoder in tcpdump. A remote attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2017-11543) Bhargava Shastry discovered a buffer overflow in the bitfield converter utility function bittok2str_internal() in tcpdump. A remote attacker ...

CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725

USN-3414-1: QEMU vulnerabilities - 13th September 2017

Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. (CVE-2017-7493) Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources ...

CVE-2017-10664 CVE-2017-10806 CVE-2017-10911 CVE-2017-11434 CVE-2017-12809 CVE-2017-7493 CVE-2017-8112 CVE-2017-8380 CVE-2017-9060 CVE-2017-9310 CVE-2017-9330 CVE-2017-9373 CVE-2017-9374 CVE-2017-9375 CVE-2017-9503 CVE-2017-9524

USN-3413-1: BlueZ vulnerability - 12th September 2017

It was discovered that an information disclosure vulnerability existed in the Service Discovery Protocol (SDP) implementation in BlueZ. A physically proximate unauthenticated attacker could use this to disclose sensitive information. (CVE-2017-1000250)

CVE-2017-1000250

USN-3411-1: Bazaar vulnerability - 5th September 2017

Adam Collard discovered that Bazaar did not properly handle host names in 'bzr+ssh://' URLs. A remote attacker could use this to construct a bazaar repository URL that when accessed could run arbitrary code with the privileges of the user.

LP: 1710979

USN-3410-1: GD library vulnerability - 5th September 2017

It was discovered that the GD Graphics Library (aka libgd) incorrectly handled certain malformed PNG images. A remote attacker could use this issue to cause the GD Graphics Library to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-6362

USN-3409-1: FontForge vulnerabilities - 4th September 2017

It was discovered that FontForge was vulnerable to a heap-based buffer over-read. A remote attacker could use a crafted file to DoS or execute arbitrary code. (CVE-2017-11568, CVE-2017-11569, CVE-2017-11572) It was discovered that FontForge was vulnerable to a stack-based buffer overflow. A remote attacker could use a crafted file to ...

CVE-2017-11568 CVE-2017-11569 CVE-2017-11571 CVE-2017-11572 CVE-2017-11574 CVE-2017-11575 CVE-2017-11576 CVE-2017-11577

USN-3408-1: Liblouis vulnerabilities - 4th September 2017

It was discovered that an illegal address access can be made in Liblouis. A remote attacker can take advantange of this to access sensitive information. (CVE-2017-13738, CVE-2017-13744) It was discovered a heap-based buffer overflow that causes bytes out-of-bounds write in Liblouis. A remote attacker can use this to denial of ...

CVE-2017-13738 CVE-2017-13739 CVE-2017-13740 CVE-2017-13742 CVE-2017-13744

USN-3405-2: Linux kernel (Xenial HWE) vulnerabilities - 28th August 2017

USN-3405-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. ...

CVE-2015-7837 CVE-2017-11176 CVE-2017-7495 CVE-2017-7541

USN-3406-1: Linux kernel vulnerabilities - 28th August 2017

It was discovered that an out of bounds read vulnerability existed in the associative array implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-7914) It was discovered that a NULL pointer dereference existed in the ...

CVE-2016-7914 CVE-2017-7261 CVE-2017-7273 CVE-2017-7487 CVE-2017-7495 CVE-2017-7616

USN-3403-1: Ghostscript vulnerabilities - 28th August 2017

Kamil Frankowicz discovered that Ghostscript mishandles references. A remote attacker could use this to cause a denial of service. (CVE-2017-11714) Kim Gwan Yeong discovered that Ghostscript could allow a heap-based buffer over-read and application crash. A remote attacker could use a crafted document to cause a denial of service. (CVE-2017-9611, ...

CVE-2017-11714 CVE-2017-9611 CVE-2017-9612 CVE-2017-9726 CVE-2017-9727 CVE-2017-9739 CVE-2017-9835

USN-3401-1: TeX Live vulnerability - 22nd August 2017

It was discovered that TeX Live incorrectly handled certain system commands. If a user were tricked into processing a specially crafted TeX file, a remote attacker could execute arbitrary code.

CVE-2016-10243

USN-3400-1: Augeas vulnerability - 21st August 2017

It was discovered that Augeas incorrectly handled certain strings. An attacker could use this issue to cause Augeas to crash, leading to a denial of service, or possibly execute arbitrary code.

CVE-2017-7555

USN-3399-1: cvs vulnerability - 21st August 2017

Hank Leininger discovered that cvs did not properly handle SSH for remote repositories. A remote attacker could use this to construct a cvs repository that when accessed could run arbitrary code with the privileges of the user.

CVE-2017-12836

USN-3398-1: graphite2 vulnerabilities - 21st August 2017

Holger Fuhrmannek and Tyson Smith discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially-crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778

USN-3397-1: strongSwan vulnerability - 21st August 2017

It was discovered that strongSwan incorrectly handled verifying specific RSA signatures. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service.

CVE-2017-11185

USN-3396-1: OpenJDK 7 vulnerabilities - 18th August 2017

It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. (CVE-2017-10053) It was discovered that the JAR verifier in OpenJDK ...

CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10135 CVE-2017-10176 CVE-2017-10243

USN-3391-3: Firefox regression - 17th August 2017

USN-3391-1 fixed vulnerabilities in Firefox. The update introduced a performance regression with WebExtensions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit ...

LP: 1710987

USN-3395-1: c-ares vulnerability - 17th August 2017

It was discovered that c-ares incorrectly handled certain NAPTR responses. A remote attacker could possibly use this issue to cause applications using c-ares to crash, resulting in a denial of service.

CVE-2017-1000381

USN-3393-1: ClamAV vulnerabilities - 17th August 2017

It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2017-6418) It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could use this issue to ...

CVE-2017-6418 CVE-2017-6419 CVE-2017-6420

USN-3391-2: Ubufox update - 16th August 2017

USN-3391-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, bypass sandbox restrictions, ...

LP: 1711137

USN-3392-2: Linux kernel (Xenial HWE) regression - 16th August 2017

USN-3392-1 fixed a regression in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. USN-3378-2 fixed vulnerabilities in the Linux Hardware Enablement kernel. Unfortunately, a regression was introduced that prevented conntrack ...

https://bugs.launchpad.net/bugs/1709032 https://usn.ubuntu.com/usn/usn-3378-2

USN-3391-1: Firefox vulnerabilities - 15th August 2017

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, bypass sandbox restrictions, obtain sensitive information, spoof the origin of modal alerts, bypass same origin restrictions, read uninitialized memory, ...

CVE-2017-7753 CVE-2017-7779 CVE-2017-7780 CVE-2017-7781 CVE-2017-7783 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7788 CVE-2017-7789 CVE-2017-7791 CVE-2017-7792 CVE-2017-7794 CVE-2017-7797 CVE-2017-7798 CVE-2017-7799 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7806 CVE-2017-7807 CVE-2017-7808 CVE-2017-7809

USN-3390-1: PostgreSQL vulnerabilities - 15th August 2017

Ben de Graaff, Jelte Fennema, and Jeroen van der Ham discovered that PostgreSQL allowed the use of empty passwords in some authentication methods, contrary to expected behaviour. A remote attacker could use an empty password to authenticate to servers that were believed to have password login disabled. (CVE-2017-7546) Jeff Janes ...

CVE-2017-7546 CVE-2017-7547 CVE-2017-7548

USN-3389-1: GD vulnerability - 14th August 2017

A vulnerability was discovered in GD Graphics Library (aka libgd), as used in PHP that does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read bytes from the top of the stack.

CVE-2017-7890

USN-3388-1: Subversion vulnerabilities - 11th August 2017

Joern Schneeweisz discovered that Subversion did not properly handle host names in 'svn+ssh://' URLs. A remote attacker could use this to construct a subversion repository that when accessed could run arbitrary code with the privileges of the user. (CVE-2017-9800) Daniel Shahaf and James McCoy discovered that Subversion did not properly ...

CVE-2016-2167 CVE-2016-8734 CVE-2017-9800

USN-3387-1: Git vulnerability - 10th August 2017

Brian Neel, Joern Schneeweisz, and Jeff King discovered that Git did not properly handle host names in 'ssh://' URLs. A remote attacker could use this to construct a git repository that when accessed could run arbitrary code with the privileges of the user.

CVE-2017-1000117

USN-3385-2: Linux kernel (Xenial HWE) vulnerabilities - 10th August 2017

USN-3385-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A ...

CVE-2017-1000111 CVE-2017-1000112

USN-3386-1: Linux kernel vulnerabilities - 10th August 2017

Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. (CVE-2017-1000112) Andrey Konovalov discovered a race condition in AF_PACKET socket option handling code in the Linux kernel. ...

CVE-2017-1000111 CVE-2017-1000112

USN-3383-1: libsoup vulnerability - 10th August 2017

Aleksandar Nikolic discovered a stack based buffer overflow when handling chunked encoding. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

CVE-2017-2885

USN-3382-1: PHP vulnerabilities - 10th August 2017

It was discovered that the PHP opcache created keys for files it cached based on their filepath. A local attacker could possibly use this issue in a shared hosting environment to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8994) It was discovered that the PHP URL parser ...

CVE-2015-8994 CVE-2016-10397 CVE-2017-11143 CVE-2017-11144 CVE-2017-11145 CVE-2017-11147 CVE-2017-11362 CVE-2017-11628 CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229

USN-3381-1: Linux kernel vulnerabilities - 7th August 2017

Peter Pi discovered that the colormap handling for frame buffer devices in the Linux kernel contained an integer overflow. A local attacker could use this to disclose sensitive information (kernel memory). (CVE-2016-8405) It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use ...

CVE-2016-8405 CVE-2017-1000365 CVE-2017-2618 CVE-2017-7482

USN-3380-1: FreeRDP vulnerabilities - 7th August 2017

It was discovered that FreeRDP incorrectly handled certain width and height values. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-0250) It was discovered that FreeRDP incorrectly ...

CVE-2014-0250 CVE-2014-0791 CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839

USN-3379-1: Shotwell vulnerability - 7th August 2017

It was discovered that Shotwell is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission.

CVE-2017-1000024

USN-3378-2: Linux kernel (Xenial HWE) vulnerabilities - 3rd August 2017

USN-3378-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the ...

CVE-2017-1000365 CVE-2017-10810 CVE-2017-7482 CVE-2017-7533

USN-3375-1: LXC vulnerability - 2nd August 2017

It was discovered that LXC incorrectly handled the TIOCSTI ioctl. An attacker could possibly use this issue to escape LXC containers.

CVE-2016-10124

USN-3374-1: RabbitMQ vulnerability - 31st July 2017

It was discovered that RabbitMQ incorrectly handled MQTT (MQ Telemetry Transport) authentication. A remote attacker could use this issue to authenticate successfully with an existing username by omitting the password.

CVE-2016-9877

USN-3363-2: ImageMagick regression - 31st July 2017

USN-3363-1 fixed vulnerabilities in ImageMagick. The update caused a regression for certain users when processing images. The problematic patch has been reverted pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system ...

LP: 1707015

USN-3370-1: Apache HTTP Server vulnerability - 27th July 2017

Robert Święcki discovered that the Apache HTTP Server mod_auth_digest module incorrectly cleared values when processing certain requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial or service, or possibly obtain sensitive information.

CVE-2017-9788

USN-3369-1: FreeRADIUS vulnerabilities - 27th July 2017

Guido Vranken discovered that FreeRADIUS incorrectly handled memory when decoding packets. A remote attacker could use this issue to cause FreeRADIUS to crash or hang, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-10978 CVE-2017-10979 CVE-2017-10980 CVE-2017-10981 CVE-2017-10982 CVE-2017-10983 CVE-2017-10984 CVE-2017-10985 CVE-2017-10986 CVE-2017-10987

USN-3368-1: libiberty vulnerabilities - 26th July 2017

It was discovered that libiberty incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only ...

CVE-2016-2226 CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490 CVE-2016-4491 CVE-2016-4492 CVE-2016-4493 CVE-2016-6131

USN-3367-1: gdb vulnerabilities - 26th July 2017

Hanno Böck discovered that gdb incorrectly handled certain malformed AOUT headers in PE executables. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service, or possibly execute arbitrary ...

CVE-2014-8501 CVE-2014-9939 CVE-2016-2226 CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490 CVE-2016-4491 CVE-2016-4492 CVE-2016-4493 CVE-2016-6131

USN-3365-1: Ruby vulnerabilities - 25th July 2017

It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. An attacker could possibly use this issue to open libraries with tainted names. This issue only applied to Ubuntu 14.04 LTS. (CVE-2009-5147) Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby OpenSSL extension incorrectly handled hostname wildcard matching. ...

CVE-2009-5147 CVE-2015-1855 CVE-2015-7551 CVE-2015-9096 CVE-2016-2337 CVE-2016-2339 CVE-2016-7798

Showing page 1 of 20   Next >
Show: All