Exploit the possiblities
Showing 1 - 25 of 3,938 RSS Feed

Files from Ubuntu

Email addresssecurity at ubuntu.com
First Active2004-10-28
Last Active2018-01-18
Ubuntu Security Notice USN-3536-1
Posted Jan 18, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3536-1 - It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-1000001
MD5 | 8c4667c2973230ddb616da2d0fb05e48
Ubuntu Security Notice USN-3535-2
Posted Jan 18, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3535-2 - USN-3535-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM. Jayachandran Palanisamy discovered that the Bind resolver incorrectly handled fetch cleanup sequencing. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-3145
MD5 | 16be36796713bd0ce125903a09864c07
Ubuntu Security Notice USN-3535-1
Posted Jan 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3535-1 - Jayachandran Palanisamy discovered that the Bind resolver incorrectly handled fetch cleanup sequencing. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-3145
MD5 | dc8c13f698fc3b21ad070a8da1f40f56
Ubuntu Security Notice USN-3534-1
Posted Jan 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3534-1 - It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges. A memory leak was discovered in the _dl_init_paths function in the GNU C library dynamic loader. A local attacker could potentially exploit this with a specially crafted value in the LD_HWCAP_MASK environment variable, in combination with CVE-2017-1000409 and another vulnerability on a system with hardlink protections disabled, in order to gain administrative privileges. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2017-1000408, CVE-2017-1000409, CVE-2017-15670, CVE-2017-15804, CVE-2017-16997, CVE-2017-17426, CVE-2018-1000001
MD5 | 4d8f3d9f108dacae4f21c559451d5fd0
Ubuntu Security Notice USN-3533-1
Posted Jan 16, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3533-1 - It was discovered that Transmission incorrectly handled certain POST requests to the RPC server and allowed DNS rebinding attack. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-5702
MD5 | e506de6ad207d56ead8dbce91f87989a
Ubuntu Security Notice USN-3532-1
Posted Jan 16, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3532-1 - It was discovered that GDK-PixBuf incorrectly handled certain gif images. An attacker could use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Ariel Zelivansky discovered that GDK-PixBuf incorrectly handled certain images. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-1000422, CVE-2017-6312, CVE-2017-6313, CVE-2017-6314
MD5 | 3f971b48955f9beaa817a277d99f3328
Ubuntu Security Notice USN-3531-1
Posted Jan 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3531-1 - It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides the microcode updates required for the corresponding Linux kernel updates.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5715
MD5 | 303c187345e739a1fcbd506ccc3baa95
Ubuntu Security Notice USN-3530-1
Posted Jan 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3530-1 - It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions.

tags | advisory, web, javascript
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753
MD5 | 3bf2820a2ba39d395b37c51cb752e3d9
Ubuntu Security Notice USN-3522-4
Posted Jan 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3522-4 - USN-3522-2 fixed a vulnerability in the Linux Hardware Enablement kernel for Ubuntu 14.04 LTS to address Meltdown. Unfortunately, that update introduced a regression where a few systems failed to boot successfully. This update fixes the problem. Various other issues were also addressed.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2017-5754
MD5 | d73ea7e2336ce4f12a3f81d3406dd552
Ubuntu Security Notice USN-3522-3
Posted Jan 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3522-3 - USN-3522-1 fixed a vulnerability in the Linux kernel to address Meltdown. Unfortunately, that update introduced a regression where a few systems failed to boot successfully. This update fixes the problem. Various other issues were also addressed.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2017-5754
MD5 | 4d7b4ced69dbbe793b9334bd984fd703
Ubuntu Security Notice USN-3528-1
Posted Jan 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3528-1 - It was discovered that Ruby incorrectly handled certain terminal emulator escape sequences. An attacker could use this to execute arbitrary code via a crafted user name. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. It was discovered that Ruby incorrectly handled certain strings. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, ruby
systems | linux, ubuntu
advisories | CVE-2017-10784, CVE-2017-14033, CVE-2017-14064, CVE-2017-17790
MD5 | dc434c8e6d1bb07724a5d915b4e77117
Ubuntu Security Notice USN-3527-1
Posted Jan 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3527-1 - Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service. Joseph Bisch discovered that Irssi incorrectly handled settings the channel topic without specifying a sender. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-5205, CVE-2018-5206, CVE-2018-5207, CVE-2018-5208
MD5 | a4b97d44d7baaee22df4be21e098e115
Ubuntu Security Notice USN-3523-3
Posted Jan 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3523-3 - Jann Horn discovered that the Berkeley Packet Filter implementation in the Linux kernel did not properly check the relationship between pointer values and the BPF stack. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jann Horn discovered that the Berkeley Packet Filter implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-16995, CVE-2017-17862, CVE-2017-17863, CVE-2017-17864
MD5 | 5d97b063cad48e5c8411fa2be179fa07
Ubuntu Security Notice USN-3532-2
Posted Jan 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3532-2 - USN-3523-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-16995, CVE-2017-17862, CVE-2017-17863, CVE-2017-17864, CVE-2017-5754
MD5 | c5a3f8d746ddf39bee7abb6f9185111e
Ubuntu Security Notice USN-3526-1
Posted Jan 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3526-1 - It was discovered that SSSD incorrectly handled certain inputs when querying its local cache. An attacker could use this to inject arbitrary code and expose sensitive information.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2017-12173
MD5 | 27c7460dc24953e8d93616de4001a145
Ubuntu Security Notice USN-3525-1
Posted Jan 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3525-1 - Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5754
MD5 | f6d4ea5c2df0b5026fb31f44c27eb62c
Ubuntu Security Notice USN-3524-2
Posted Jan 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3524-2 - USN-3524-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5754
MD5 | 762d3d76967b1badce64abde59d94ec7
Ubuntu Security Notice USN-3524-1
Posted Jan 10, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3524-1 - Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5754
MD5 | 257c1190c8db4f29219aebe29c12194e
Ubuntu Security Notice USN-3522-2
Posted Jan 10, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3522-2 - USN-3522-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5754
MD5 | b64b860b09568182f97f59bf7e46ba05
Ubuntu Security Notice USN-3522-1
Posted Jan 10, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3522-1 - Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5754
MD5 | 0309df4e8cea9c3405f86a79f00a8cc7
Ubuntu Security Notice USN-3523-1
Posted Jan 10, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3523-1 - Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Jann Horn discovered that the Berkeley Packet Filter implementation in the Linux kernel did not properly check the relationship between pointer values and the BPF stack. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-16995, CVE-2017-17862, CVE-2017-17863, CVE-2017-17864, CVE-2017-5754
MD5 | a70e4f6712a9f397feb49e6273bf2ee5
Ubuntu Security Notice USN-3521-1
Posted Jan 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3521-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations to address the issue, along with compatibility fixes for the corresponding Linux kernel updates.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5753
MD5 | 6c4c45c1f8232e2146815d1ab1679e4a
Ubuntu Security Notice USN-3520-1
Posted Jan 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3520-1 - It was discovered that PySAML2 incorrectly accepted any password when run with python optimizations enabled. An attacker could use this issue to authenticate as any user without a valid password.

tags | advisory, python
systems | linux, ubuntu
advisories | CVE-2017-1000433
MD5 | fbbc0e41f5cd7e739a10fa50e82e48fd
Ubuntu Security Notice USN-3519-1
Posted Jan 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3519-1 - It was discovered that Tomcat incorrectly handled certain pipelined requests when sendfile was used. A remote attacker could use this issue to obtain wrong responses possibly containing sensitive information. It was discovered that Tomcat incorrectly used the appropriate facade object. A malicious application could possibly use this to bypass Security Manager restrictions. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2017-5647, CVE-2017-5648, CVE-2017-5664, CVE-2017-7674
MD5 | 8bb853d27495046e474a6c64ce1ff290
Ubuntu Security Notice USN-3518-1
Posted Jan 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3518-1 - It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-1000501
MD5 | a33d88c803d928fc0362dd841fecd6df
Page 1 of 158
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    24 Files
  • 19
    Jan 19th
    7 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close