Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.


USN-3370-1: Apache HTTP Server vulnerability - 27th July 2017

Robert Święcki discovered that the Apache HTTP Server mod_auth_digest module incorrectly cleared values when processing certain requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly obtain sensitive information.

CVE-2017-9788

USN-3369-1: FreeRADIUS vulnerabilities - 27th July 2017

Guido Vranken discovered that FreeRADIUS incorrectly handled memory when decoding packets. A remote attacker could use this issue to cause FreeRADIUS to crash or hang, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-10978 CVE-2017-10979 CVE-2017-10980 CVE-2017-10981 CVE-2017-10982 CVE-2017-10983 CVE-2017-10984 CVE-2017-10985 CVE-2017-10986 CVE-2017-10987

USN-3366-1: OpenJDK 8 vulnerabilities - 26th July 2017

It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. (CVE-2017-10053) It was discovered that the JAR verifier in OpenJDK ...

CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10078 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243

USN-3368-1: libiberty vulnerabilities - 26th July 2017

It was discovered that libiberty incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only ...

CVE-2016-2226 CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490 CVE-2016-4491 CVE-2016-4492 CVE-2016-4493 CVE-2016-6131

USN-3367-1: gdb vulnerabilities - 26th July 2017

Hanno Böck discovered that gdb incorrectly handled certain malformed AOUT headers in PE executables. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service, or possibly execute arbitrary ...

CVE-2014-8501 CVE-2014-9939 CVE-2016-2226 CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490 CVE-2016-4491 CVE-2016-4492 CVE-2016-4493 CVE-2016-6131

USN-3364-3: Linux kernel (AWS, GKE) vulnerabilities - 25th July 2017

It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900) It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to ...

CVE-2014-9900 CVE-2015-8944 CVE-2017-1000380 CVE-2017-7346 CVE-2017-9150 CVE-2017-9605

USN-3365-1: Ruby vulnerabilities - 25th July 2017

It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. An attacker could possibly use this issue to open libraries with tainted names. This issue only applied to Ubuntu 14.04 LTS. (CVE-2009-5147) Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby OpenSSL extension incorrectly handled hostname wildcard matching. ...

CVE-2009-5147 CVE-2015-1855 CVE-2015-7551 CVE-2015-9096 CVE-2016-2337 CVE-2016-2339 CVE-2016-7798

USN-3364-1: Linux kernel vulnerabilities - 24th July 2017

It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900) It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to ...

CVE-2014-9900 CVE-2015-8944 CVE-2017-1000380 CVE-2017-7346 CVE-2017-9150 CVE-2017-9605

USN-3363-1: ImageMagick vulnerabilities - 24th July 2017

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the ...

CVE-2017-10928 CVE-2017-11141 CVE-2017-11170 CVE-2017-11188 CVE-2017-11352 CVE-2017-11360 CVE-2017-11447 CVE-2017-11448 CVE-2017-11449 CVE-2017-11450 CVE-2017-11478 CVE-2017-9261 CVE-2017-9262 CVE-2017-9405 CVE-2017-9407 CVE-2017-9409 CVE-2017-9439 CVE-2017-9440 CVE-2017-9501

USN-3362-1: X.Org X server vulnerabilities - 24th July 2017

It was discovered that the X.Org X server incorrectly handled endianness conversion of certain X events. An attacker able to connect to an X server, either locally or remotely, could use this issue to crash the server, or possibly execute arbitrary code as an administrator. (CVE-2017-10971) It was discovered that ...

CVE-2017-10971 CVE-2017-10972 CVE-2017-2624

USN-3361-1: Linux kernel (HWE) vulnerabilities - 21st July 2017

USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please note that this update changes the Linux HWE kernel to the 4.10 based kernel from Ubuntu 17.04, superseding the ...

CVE-2015-1350 CVE-2016-10208 CVE-2016-8405 CVE-2016-8636 CVE-2016-9083 CVE-2016-9084 CVE-2016-9191 CVE-2016-9604 CVE-2016-9755 CVE-2017-2583 CVE-2017-2584 CVE-2017-2596 CVE-2017-2618 CVE-2017-2671 CVE-2017-5546 CVE-2017-5549 CVE-2017-5550 CVE-2017-5551 CVE-2017-5576 CVE-2017-5669 CVE-2017-5897 CVE-2017-5970 CVE-2017-6001 CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6347 CVE-2017-6348 CVE-2017-7187 CVE-2017-7261 CVE-2017-7273 CVE-2017-7472 CVE-2017-7616 CVE-2017-7618 CVE-2017-7645 CVE-2017-7889 CVE-2017-7895 CVE-2017-8924 CVE-2017-8925 CVE-2017-9150

USN-3357-1: MySQL vulnerabilities - 20th July 2017

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.57 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 17.04 have been updated to MySQL 5.7.19. In addition to security fixes, the updated packages contain ...

CVE-2017-3529 CVE-2017-3633 CVE-2017-3634 CVE-2017-3635 CVE-2017-3636 CVE-2017-3637 CVE-2017-3638 CVE-2017-3639 CVE-2017-3640 CVE-2017-3641 CVE-2017-3642 CVE-2017-3643 CVE-2017-3644 CVE-2017-3645 CVE-2017-3647 CVE-2017-3648 CVE-2017-3649 CVE-2017-3650 CVE-2017-3651 CVE-2017-3652 CVE-2017-3653

USN-3356-1: Expat vulnerability - 19th July 2017

It was discovered that Expat incorrectly handled certain external entities. A remote attacker could possibly use this issue to cause Expat to hang, resulting in a denial of service.

CVE-2017-9233

USN-3355-1: Spice vulnerability - 19th July 2017

Frediano Ziglio discovered that Spice incorrectly handled certain invalid monitor configurations. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-7506

USN-3354-1: Apport vulnerability - 18th July 2017

Felix Wilhelm discovered a path traversal vulnerability in Apport when handling the ExecutablePath field in crash files. An attacker could trick a user into opening a specially crafted crash file and execute arbitrary code with the user's privileges.

CVE-2017-10708

USN-3353-2: Samba vulnerability - 14th July 2017

USN-3353-1 fixed a vulnerability in Heimdal. This update provides the corresponding update for Samba. Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Samba clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network servers or perform other attacks.

CVE-2017-11103

USN-3353-1: Heimdal vulnerability - 14th July 2017

Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Heimdal clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks.

CVE-2017-11103

USN-3352-1: nginx vulnerability - 13th July 2017

It was discovered that an integer overflow existed in the range filter feature of nginx. A remote attacker could use this to expose sensitive information.

CVE-2017-7529

USN-3351-1: Evince vulnerability - 13th July 2017

Felix Wilhelm discovered that Evince did not safely invoke tar when handling tar comic book (cbt) files. An attacker could use this to construct a malicious cbt comic book format file that, when opened in Evince, executes arbitrary code. Please note that this update disables support for cbt files in ...

CVE-2017-1000083

USN-3350-1: poppler vulnerabilities - 7th July 2017

Aleksandar Nikolic discovered that poppler incorrectly handled JPEG 2000 images. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2017-2820) Jiaqi Peng discovered that ...

CVE-2017-2820 CVE-2017-7511 CVE-2017-7515 CVE-2017-9083 CVE-2017-9406 CVE-2017-9408 CVE-2017-9775

USN-3321-1: Thunderbird vulnerabilities - 5th July 2017

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information or execute arbitrary code. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, ...

CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7764 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778

USN-3349-1: NTP vulnerabilities - 5th July 2017

Yihan Lian discovered that NTP incorrectly handled certain large request data values. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-2519) Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when ...

CVE-2016-2519 CVE-2016-7426 CVE-2016-7427 CVE-2016-7428 CVE-2016-7429 CVE-2016-7431 CVE-2016-7433 CVE-2016-7434 CVE-2016-9042 CVE-2016-9310 CVE-2016-9311 CVE-2017-6458 CVE-2017-6460 CVE-2017-6462 CVE-2017-6463 CVE-2017-6464

USN-3348-1: Samba vulnerability - 5th July 2017

It was discovered that Samba incorrectly handled dangling symlinks. A remote attacker could possibly use this issue to cause Samba to hang, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-9461) In addition, this update fixes a regression introduced by ...

CVE-2017-9461

USN-3347-1: Libgcrypt vulnerabilities - 3rd July 2017

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to recover RSA private keys. (CVE-2017-7526) It was discovered that Libgcrypt was ...

CVE-2017-7526 CVE-2017-9526

USN-3346-1: bind9 vulnerabilities - 29th June 2017

Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. (CVE-2017-3143) Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. An attacker could use this to improperly transfer entire ...

CVE-2017-3142 CVE-2017-3143

USN-3342-2: Linux kernel (HWE) vulnerabilities - 29th June 2017

USN-3342-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. USN-3333-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses ...

CVE-2017-1000363 CVE-2017-5577 CVE-2017-7294 CVE-2017-7374 CVE-2017-8890 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 LP: 1699772 https://www.ubuntu.com/usn/usn-3333-1

USN-3344-1: Linux kernel vulnerabilities - 29th June 2017

USN-3328-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local ...

CVE-2017-1000363 CVE-2017-7487 CVE-2017-8890 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 LP: 1699772 https://www.ubuntu.com/usn/usn-3328-1

USN-3340-1: Apache HTTP Server vulnerabilities - 26th June 2017

Emmanuel Dreyfus discovered that third-party modules using the ap_get_basic_auth_pw() function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new ap_get_basic_auth_components() function for use by third-party modules. (CVE-2017-3167) Vasileios Panopoulos discovered that the Apache mod_ssl module may crash when third-party modules call ap_hook_process_connection() ...

CVE-2017-3167 CVE-2017-3169 CVE-2017-7668 CVE-2017-7679

USN-3339-1: OpenVPN vulnerabilities - 22nd June 2017

Karthikeyan Bhargavan and Gaëtan Leurent discovered that 64-bit block ciphers are vulnerable to a birthday attack. A remote attacker could possibly use this issue to recover cleartext data. Fixing this issue requires a configuration change to switch to a different cipher. This update adds a warning to the log file ...

CVE-2016-6329 CVE-2017-7479 CVE-2017-7508 CVE-2017-7512 CVE-2017-7520 CVE-2017-7521

USN-3333-1: Linux kernel (HWE) vulnerability - 22nd June 2017

USN-3326-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. It was discovered that the stack guard page for processes in the Linux kernel was not large enough to ...

CVE-2017-1000364

USN-3332-1: Linux kernel (Raspberry Pi 2) vulnerability - 21st June 2017

It was discovered that the stack guard page for processes in the Linux kernel was not large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges.

CVE-2017-1000364

USN-3331-1: Linux kernel (AWS) vulnerability - 21st June 2017

It was discovered that the stack guard page for processes in the Linux kernel was not large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges.

CVE-2017-1000364

USN-3329-1: Linux kernel (GKE) vulnerability - 21st June 2017

It was discovered that the stack guard page for processes in the Linux kernel was not large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges.

CVE-2017-1000364

USN-3328-1: Linux kernel vulnerability - 21st June 2017

It was discovered that the stack guard page for processes in the Linux kernel was not large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges.

CVE-2017-1000364

USN-3337-1: Valgrind vulnerabilities - 21st June 2017

It was discovered that Valgrind incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-2226) It was discovered that ...

CVE-2016-2226 CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490 CVE-2016-4491 CVE-2016-4492 CVE-2016-4493 CVE-2016-6131

USN-3336-1: NSS vulnerability - 21st June 2017

It was discovered that NSS incorrectly handled certain empty SSLv2 messages. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service.

CVE-2017-7502

USN-3330-1: Linux kernel (Qualcomm Snapdragon) vulnerabilities - 19th June 2017

It was discovered that the stack guard page for processes in the Linux kernel was not large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. (CVE-2017-1000364) Roee Hay discovered that the parallel port printer ...

CVE-2017-1000363 CVE-2017-1000364 CVE-2017-7487 CVE-2017-8890 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242

USN-3323-1: GNU C Library vulnerability - 19th June 2017

It was discovered that the GNU C library did not properly handle memory when processing environment variables for setuid programs. A local attacker could use this in combination with another vulnerability to gain administrative privileges.

CVE-2017-1000366

USN-3322-1: Exim vulnerability - 19th June 2017

It was discovered that Exim did not properly deallocate memory when processing certain command line arguments. A local attacker could use this in conjunction with a vulnerability in the underlying kernel to possibly execute arbitrary code and gain administrative privileges.

CVE-2017-1000369

USN-3320-1: zziplib vulnerabilities - 15th June 2017

Agostino Sarubbo discovered that zziplib incorrectly handled certain malformed ZIP files. If a user or automated system were tricked into opening a specially crafted ZIP file, a remote attacker could cause zziplib to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5978 CVE-2017-5979 CVE-2017-5980 CVE-2017-5981

USN-3319-1: libmwaw vulnerability - 15th June 2017

It was discovered that libmwaw incorrectly handled certain malformed document files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause libmwaw to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-9433

USN-3315-1: Firefox vulnerabilities - 15th June 2017

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, spoof the addressbar contents, or execute arbitrary code. (CVE-2017-5470, CVE-2017-5471, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, ...

CVE-2017-5470 CVE-2017-5471 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7762 CVE-2017-7764 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778

USN-3318-1: GnuTLS vulnerabilities - 13th June 2017

Hubert Kario discovered that GnuTLS incorrectly handled decoding a status response TLS extension. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-7507) It was discovered that ...

CVE-2017-7507 CVE-2017-7869

USN-3317-1: Irssi vulnerabilities - 12th June 2017

It was discovered that Irssi incorrectly handled certain DCC messages. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-9468) Joseph Bisch discovered that Irssi incorrectly handled receiving incorrectly quoted DCC files. A remote attacker could possibly use this issue ...

CVE-2017-9468 CVE-2017-9469

USN-3253-2: Nagios regression - 7th June 2017

USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log files from being displayed in the web interface. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause ...

LP: 1690380

USN-3313-2: Linux kernel (HWE) vulnerability - 7th June 2017

USN-3313-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. It was discovered that a buffer overflow existed in the trace subsystem in the Linux kernel. A privileged local attacker ...

CVE-2017-0605

USN-3312-1: Linux kernel vulnerabilities - 6th June 2017

It was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information or cause a denial of service. (CVE-2016-7917) Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build() function ...

CVE-2016-7913 CVE-2016-7917 CVE-2016-8632 CVE-2016-9083 CVE-2016-9084 CVE-2016-9604 CVE-2017-0605 CVE-2017-2596 CVE-2017-2671 CVE-2017-6001 CVE-2017-7472 CVE-2017-7618 CVE-2017-7645 CVE-2017-7889 CVE-2017-7895

USN-3311-1: libnl vulnerability - 6th June 2017

It was discovered that libnl incorrectly handled memory when performing certain operations. A local attacker could possibly use this issue to cause libnl to crash, resulting in a denial of service, or execute arbitrary code.

CVE-2017-0553

USN-3310-1: lintian vulnerability - 6th June 2017

Jakub Wilk discovered that lintian incorrectly handled deserializing certain YAML files. If a user or automated system were tricked into running lintian on a specially crafted package, a remote attacker could possibly use this issue to execute arbitrary code.

CVE-2017-8829

USN-3309-1: Libtasn1 vulnerability - 5th June 2017

Jakub Jirasek discovered that GnuTLS incorrectly handled certain assignments files. If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute arbitrary code.

CVE-2017-6891
