Showing 1 - 25 of 5,457

Files from Ubuntu

Email address: security at ubuntu.com
First Active: 2004-10-28
Last Active: 2020-12-03
Ubuntu Security Notice USN-4661-1
Posted Dec 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4661-1 - It was discovered that Snapcraft includes the current directory when configuring LD_LIBRARY_PATH for application commands. If a user were tricked into installing a malicious snap or downloading a malicious library, under certain circumstances an attacker could exploit this to affect strict mode snaps that have access to the library and when launched from the directory containing the library.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-27348
MD5 | 8a6dada5d152bd4b50ac79acb662196a
Ubuntu Security Notice USN-4660-1
Posted Dec 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4660-1 - It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the frame buffer implementation in the Linux kernel did not properly handle some edge cases in software scrollback. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-14351, CVE-2020-14390, CVE-2020-25211, CVE-2020-25284, CVE-2020-25285, CVE-2020-25641, CVE-2020-25643, CVE-2020-25645, CVE-2020-28915, CVE-2020-4788
MD5 | ee3119babe4a4a73b8652559a6df5f65
Ubuntu Security Notice USN-4659-1
Posted Dec 2, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4659-1 - It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-0423, CVE-2020-10135, CVE-2020-14351, CVE-2020-25705, CVE-2020-27152, CVE-2020-28915, CVE-2020-4788
MD5 | 37ee7c1e29761f04f52a270e013cd6ed
Ubuntu Security Notice USN-4658-1
Posted Dec 2, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4658-1 - It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-0423, CVE-2020-10135, CVE-2020-14351, CVE-2020-14390, CVE-2020-25211, CVE-2020-25284, CVE-2020-25643, CVE-2020-25645, CVE-2020-25705, CVE-2020-28915, CVE-2020-4788
MD5 | 172e17181d7ddc7028474879ff713778
Ubuntu Security Notice USN-4657-1
Posted Dec 2, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4657-1 - Elena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attacker could use this to expose sensitive information. Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-0427, CVE-2020-10135, CVE-2020-12352, CVE-2020-14351, CVE-2020-14390, CVE-2020-25211, CVE-2020-25284, CVE-2020-25643, CVE-2020-25645, CVE-2020-25705, CVE-2020-28915, CVE-2020-4788
MD5 | 3aefcd5c22a1c13bbe2b3f9912ac8531
Ubuntu Security Notice USN-4656-1
Posted Dec 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4656-1 - Jan-Niklas Sohn discovered that the X.Org X Server XKB extension incorrectly handled certain inputs. A local attacker could possibly use this issue to escalate privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2020-14360
MD5 | 93853767d560545b7dd82c968276953f
Ubuntu Security Notice USN-4655-1
Posted Dec 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4655-1 - It was discovered that Werkzeug has insufficient debugger PIN randomness. An attacker could use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS. It was discovered that Werkzeug incorrectly handled certain URLs. An attacker could possibly use this issue to cause phishing attacks. This issue only affected Ubuntu 16.04 LTS.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-14806, CVE-2020-28724
MD5 | ce431abe7eb561d35f930c7d3b02aba5
Ubuntu Security Notice USN-4654-1
Posted Dec 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4654-1 - It was discovered that PEAR incorrectly sanitized filenames. A remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-28948
MD5 | 82c82cbd2ddeecdab18d7a3219f64cce
Ubuntu Security Notice USN-4653-1
Posted Dec 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4653-1 - It was discovered that access controls for the shim’s API socket did not restrict access to the abstract unix domain socket in some cases. An attacker could use this vulnerability to run containers with elevated privileges.

tags | advisory
systems | linux, unix, ubuntu
advisories | CVE-2020-15257
MD5 | 8ecc1fa869b3211bbb093ef90ef1a0f9
Ubuntu Security Notice USN-4652-1
Posted Dec 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4652-1 - It was discovered that SniffIt incorrectly handled certain configuration files. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-5439
MD5 | 6a7456d4d7b6165153389916c139259a
Ubuntu Security Notice USN-4651-1
Posted Nov 30, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4651-1 - Tom Reynolds discovered that due to a packaging error, the MySQL X Plugin was listening to all network interfaces by default, contrary to expectations. This update changes the default MySQL configuration to bind the MySQL X Plugin to localhost only. This change may impact environments where the MySQL X Plugin needs to be accessible from the network. The mysqlx-bind-address setting in the /etc/mysql/mysql.conf.d/mysqld.cnf file can be modified to allow network access. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
MD5 | 61f4c1253072775bddb79c85206628a7
Ubuntu Security Notice USN-4650-1
Posted Nov 30, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4650-1 - Alexander Bulekov discovered that QEMU incorrectly handled SDHCI device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Sergej Schumilo, Cornelius Aschermann, and Simon Wörner discovered that QEMU incorrectly handled USB device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-17380, CVE-2020-25084, CVE-2020-25085, CVE-2020-25624, CVE-2020-25625, CVE-2020-25723, CVE-2020-27616, CVE-2020-27617
MD5 | 637bf499dd94b75eea9e3371d70add3a
Ubuntu Security Notice USN-4646-2
Posted Nov 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4646-2 - USN-4646-1 fixed vulnerabilities in poppler. The fix for CVE-2019-10871 introduced a regression causing certain applications linked against poppler to fail. This update backs out the fix pending further investigation. It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
MD5 | 0b505ce3fcb8bc020d54095819e940fa
Ubuntu Security Notice USN-4649-1
Posted Nov 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4649-1 - Jens Mueller discovered that xdg-utils incorrectly handled certain URIs. An attacker could possibly use this issue to expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-27748
MD5 | 595ba1096ac8463cb7b849752a0852e7
Ubuntu Security Notice USN-4382-2
Posted Nov 27, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4382-2 - It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-11042, CVE-2020-11058, CVE-2020-11525, CVE-2020-13398
MD5 | 6a358e6b9c45a8fd4d61e8756172aeec
Ubuntu Security Notice USN-4645-1
Posted Nov 26, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4645-1 - It was discovered that Mutt incorrectly handled certain connections. An attacker could possibly use this issue to expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-28896
MD5 | cd283da3bb2392abd24e2909c62ed5d2
Ubuntu Security Notice USN-4647-1
Posted Nov 26, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4647-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across origins, bypass security restrictions, conduct phishing attacks, conduct cross-site scripting attacks, bypass Content Security Policy restrictions, conduct DNS rebinding attacks, or execute arbitrary code.

tags | advisory, denial of service, arbitrary, xss
systems | linux, ubuntu
advisories | CVE-2020-15683, CVE-2020-26951, CVE-2020-26959, CVE-2020-26968
MD5 | 662abdc998a96f824b8b60a609daef62
Ubuntu Security Notice USN-4648-1
Posted Nov 26, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4648-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2020-13753, CVE-2020-9983
MD5 | 6fe24a2351dd3e1ef847961c9f674d37
Ubuntu Security Notice USN-4646-1
Posted Nov 26, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4646-1 - It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-21009, CVE-2020-27778
MD5 | 7cf4344708476bc2707af653630128ce
Ubuntu Security Notice USN-4644-1
Posted Nov 25, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4644-1 - It was discovered that igraph mishandled certain malformed XML. An attacker could use this vulnerability to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-20349
MD5 | a0fa8d720ad6105276d63d5678047877
Ubuntu Security Notice USN-4643-1
Posted Nov 24, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4643-1 - It was discovered that atftp's FTP server did not properly handle certain input. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that atftp's FTP server did not make proper use of mutexes when locking certain data structures. An attacker could use this to cause a denial of service via a NULL pointer dereference.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-11365, CVE-2019-11366
MD5 | bcc71db7af3bff7d8c36dc1d56b825fe
Ubuntu Security Notice USN-4642-1
Posted Nov 24, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4642-1 - It was discovered that PDFResurrect incorrectly handled certain memory operations during PDF summary generation. An attacker could use this to cause out-of-bounds writes, resulting in a denial of service or arbitrary code execution.

tags | advisory, denial of service, arbitrary, code execution
systems | linux, ubuntu
advisories | CVE-2020-9549
MD5 | e238caa5145e021e67c028deec6d2611
Ubuntu Security Notice USN-4641-1
Posted Nov 24, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4641-1 - It was discovered that Libextractor incorrectly handled zero sample rate. An attacker could possibly use this issue to cause a denial of service. It was discovered that Libextractor incorrectly handled certain FLAC metadata. An attacker could possibly use this issue to cause a denial of service. It was discovered that Libextractor incorrectly handled certain specially crafted files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-15266, CVE-2017-15267, CVE-2017-15601, CVE-2017-15602, CVE-2017-15922, CVE-2017-17440, CVE-2018-14346, CVE-2018-14347, CVE-2018-20431
MD5 | c82046881c21e0f0f413cda7a060a88c
Ubuntu Security Notice USN-4640-1
Posted Nov 24, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4640-1 - James Henstridge discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle snap client connections. An attacker could possibly use this to expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-16123
MD5 | 01f23d1d42f39796f71058404633153a
Ubuntu Security Notice USN-4634-2
Posted Nov 23, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4634-2 - USN-4634-1 fixed several vulnerabilities in OpenLDAP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that OpenLDAP incorrectly handled certain malformed inputs. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-25709
MD5 | 39cf896ad02b5474669afbc680180429