what you don't know can hurt you
Showing 1 - 25 of 5,906 RSS Feed

Files from Ubuntu

Email addresssecurity at ubuntu.com
First Active2004-10-28
Last Active2021-10-25
Ubuntu Security Notice USN-5123-2
Posted Oct 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5123-2 - USN-5123-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.27 in Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.36. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-35604
MD5 | ce885e5e20ab62b753aee2d34575ac7b
Ubuntu Security Notice USN-5123-1
Posted Oct 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5123-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.27 in Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.36. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-2478, CVE-2021-35575, CVE-2021-35596, CVE-2021-35607, CVE-2021-35613, CVE-2021-35625, CVE-2021-35630, CVE-2021-35634, CVE-2021-35638, CVE-2021-35642, CVE-2021-35646
MD5 | 38403195407e988ed689e75cd407e5fc
Ubuntu Security Notice USN-5122-1
Posted Oct 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5122-1 - It was discovered that Apport could be tricked into writing core files as root into arbitrary directories in certain scenarios. A local attacker could possibly use this issue to escalate privileges. This update will cause Apport to generate all core files in the /var/lib/apport/coredump directory.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
MD5 | 75a32fd05ba1698de40bd98dcc2705d9
Ubuntu Security Notice USN-5121-1
Posted Oct 22, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5121-1 - Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman did not properly associate cross-site request forgery tokens to specific accounts. A remote attacker could use this to perform a CSRF attack to gain access to another account. Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman's cross-site request forgery tokens for the options page are derived from the admin password. A remote attacker could possibly use this to assist in performing a brute force attack against the admin password. Various other issues were also addressed.

tags | advisory, remote, csrf
systems | linux, ubuntu
advisories | CVE-2021-42096, CVE-2021-42097
MD5 | e580a4cebc05a472a168210820d5451c
Ubuntu Security Notice USN-5116-2
Posted Oct 22, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5116-2 - It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information. Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly compute the access permissions for shadow pages in some situations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-3702, CVE-2021-3732, CVE-2021-38198, CVE-2021-38205, CVE-2021-40490, CVE-2021-42008
MD5 | 5a6d994360d223898c2986ae7be189fd
Ubuntu Security Notice USN-5120-1
Posted Oct 22, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5120-1 - It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2019-19449, CVE-2020-26541, CVE-2020-36311, CVE-2021-22543, CVE-2021-3612, CVE-2021-3759, CVE-2021-38199, CVE-2021-38207, CVE-2021-40490
MD5 | 2b0bea3094eab3e20f9e8cd33f9618c3
Ubuntu Security Notice USN-5119-1
Posted Oct 21, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5119-1 - It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a crash.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-30498
MD5 | 63a2abff1bbc961ac825473a36bb45c0
Ubuntu Security Notice USN-5117-1
Posted Oct 21, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5117-1 - It was discovered that the btrfs file system in the Linux kernel did not properly handle removing a non-existent device id. An attacker with CAP_SYS_ADMIN could use this to cause a denial of service. It was discovered that the Qualcomm IPC Router protocol implementation in the Linux kernel did not properly validate metadata in some situations. A local attacker could use this to cause a denial of service or expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2021-3739, CVE-2021-3743, CVE-2021-3753, CVE-2021-3759
MD5 | 5ac73f6c665ddfd98934e45df7d0a9a5
Ubuntu Security Notice USN-5116-1
Posted Oct 21, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5116-1 - It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information. Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly compute the access permissions for shadow pages in some situations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-3702, CVE-2021-3732, CVE-2021-38198, CVE-2021-38205, CVE-2021-40490, CVE-2021-42008
MD5 | 715eb5083b40eea27bd0010abe8079e3
Ubuntu Security Notice USN-5115-1
Posted Oct 21, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5115-1 - It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information. Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2020-3702, CVE-2021-33624, CVE-2021-34556, CVE-2021-35477, CVE-2021-3679, CVE-2021-37159, CVE-2021-3732, CVE-2021-3739, CVE-2021-3743, CVE-2021-3753, CVE-2021-3759, CVE-2021-38166, CVE-2021-38204, CVE-2021-38205, CVE-2021-40490, CVE-2021-42008
MD5 | 6730d8bb9630399283cc815ff2505e83
Ubuntu Security Notice USN-5114-1
Posted Oct 21, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5114-1 - It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information. It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly compute the access permissions for shadow pages in some situations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-3702, CVE-2021-38198, CVE-2021-40490, CVE-2021-42008
MD5 | 8fa3ae056919ddf7efc9988aa2f5db12
Ubuntu Security Notice USN-5113-1
Posted Oct 20, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5113-1 - It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information. Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. It was discovered that the btrfs file system in the Linux kernel did not properly handle removing a non-existent device id. An attacker with CAP_SYS_ADMIN could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2020-3702, CVE-2021-3732, CVE-2021-3739, CVE-2021-3743, CVE-2021-3753, CVE-2021-38166, CVE-2021-40490, CVE-2021-42008
MD5 | 00db01f6ec31316d70e9ac5c2e40b7e9
Ubuntu Security Notice USN-5111-2
Posted Oct 20, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5111-2 - USN-5111-1 fixed a vulnerability in strongSwan. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that strongSwan incorrectly handled replacing certificates in the cache. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-41991
MD5 | 7500b7c4a02c2f112707a0502a50de50
Ubuntu Security Notice USN-5111-1
Posted Oct 19, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5111-1 - It was discovered that strongSwan incorrectly handled certain RSASSA-PSS signatures. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. It was discovered that strongSwan incorrectly handled replacing certificates in the cache. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-41990, CVE-2021-41991
MD5 | d642b815ed1027cedc528205f2749233
Ubuntu Security Notice USN-5092-3
Posted Oct 19, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5092-3 - USN-5092-2 fixed vulnerabilities in Linux 5.11-based kernels. Unfortunately, for Linux kernels intended for use within Microsoft Azure environments, that update introduced a regression that could cause the kernel to fail to boot in large Azure instance types. This update fixes the problem. Various other issues were also addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-33624, CVE-2021-34556, CVE-2021-35477, CVE-2021-3679, CVE-2021-37159, CVE-2021-37576, CVE-2021-38160, CVE-2021-38199, CVE-2021-38201, CVE-2021-38204, CVE-2021-38205, CVE-2021-41073
MD5 | 1e23a25af868dd8101bc775e11c249fc
Ubuntu Security Notice USN-5110-1
Posted Oct 19, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5110-1 - It was discovered that Ardour incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-22617
MD5 | fc33650c83dd63199cac1b58dc212ebf
Ubuntu Security Notice USN-5109-1
Posted Oct 18, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5109-1 - It was discovered that nginx incorrectly handled files with certain modification dates. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-20005
MD5 | f3a7d2fb8ecd1f45d342d3994d131223
Ubuntu Security Notice USN-5091-3
Posted Oct 15, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5091-3 - USN-5091-1 fixed vulnerabilities in Linux 5.4-based kernels. Unfortunately, for Linux kernels intended for use within Microsoft Azure environments, that update introduced a regression that could cause the kernel to fail to boot in large Azure instance types. This update fixes the problem. Various other issues were also addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-33624, CVE-2021-3679, CVE-2021-37576, CVE-2021-38160, CVE-2021-38199, CVE-2021-38204
MD5 | 3eae914659b526575cec3ea4ff5dfd0e
Ubuntu Security Notice USN-5078-3
Posted Oct 13, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5078-3 - USN-5078-1 fixed a vulnerability in Squashfs-Tools. That update was incomplete and could still result in Squashfs-Tools mishandling certain malformed SQUASHFS files. This update fixes the problem. Richard Weinberger discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-41072
MD5 | e89f5e24983a0f1abc5ff5bcdb35bb1a
Ubuntu Security Notice USN-5108-1
Posted Oct 9, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5108-1 - It was discovered that Libntlm incorrectly handled specially crafted NTML requests. An attacker could possibly use this issue to cause a denial of service or another unspecified impact.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-17455
MD5 | 9fd7f456b33fd9ffe65fc1dd4ac1f495
Ubuntu Security Notice USN-5107-1
Posted Oct 8, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5107-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof another origin, or execute arbitrary code.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2021-32810, CVE-2021-38499
MD5 | dc7fa97881bdef965e8e559aba52c5c7
Ubuntu Security Notice USN-5022-3
Posted Oct 8, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5022-3 - USN-5022-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to MySQL 5.7.35 on Ubuntu 16.04 ESM. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-2146, CVE-2021-2169, CVE-2021-2194, CVE-2021-2372
MD5 | 9df8f5508a77c82a77b38f7af9a2b0b4
Ubuntu Security Notice USN-5105-1
Posted Oct 7, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5105-1 - It was discovered that Bottle incorrectly handled certain inputs. An attacker could possibly use this issue to cache malicious requests.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-28473
MD5 | 9dfd82c106b6f6b0a66213ce2a7ccc0a
Ubuntu Security Notice USN-5106-1
Posted Oct 7, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5106-1 - Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-26541, CVE-2021-22543, CVE-2021-3612, CVE-2021-38160, CVE-2021-38199, CVE-2021-41073
MD5 | 44f1cb6d4e6bc787eb2a64281fc880a2
Ubuntu Security Notice USN-5104-1
Posted Oct 6, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5104-1 - Lyu discovered that Squid incorrectly handled WCCP protocol data. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly obtain sensitive information.

tags | advisory, remote, denial of service, protocol
systems | linux, ubuntu
advisories | CVE-2021-28116
MD5 | ebced696b47a0af1f3398b3e07cea764
Page 1 of 237
Back12345Next

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    2 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    15 Files
  • 20
    Oct 20th
    20 Files
  • 21
    Oct 21st
    12 Files
  • 22
    Oct 22nd
    14 Files
  • 23
    Oct 23rd
    3 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    33 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close