what you don't know can hurt you
Showing 1 - 25 of 5,048 RSS Feed

Files from Ubuntu

Email addresssecurity at ubuntu.com
First Active2004-10-28
Last Active2020-04-03
Ubuntu Security Notice USN-4316-2
Posted Apr 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4316-2 - USN-4316-1 fixed a vulnerability in GD Graphics Library. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that GD Graphics Library incorrectly handled cloning an image. An attacker could possibly use this issue to cause GD Graphics Library to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-14553, CVE-2019-11038
MD5 | 974fa84156e30a0a57445f492d8a5c44
Ubuntu Security Notice USN-4316-1
Posted Apr 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4316-1 - It was discovered that GD Graphics Library incorrectly handled cloning an image. An attacker could possibly use this issue to cause GD Graphics Library to crash, resulting in a denial of service. It was discovered that GD Graphics Library incorrectly handled loading images from X bitmap format files. An attacker could possibly use this issue to cause GD Graphics Library to crash, resulting in a denial of service, or to disclose contents of the stack that has been left there by previous code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-14553, CVE-2019-11038
MD5 | b09ee9b58c468fb819c495efe5c9e3f1
Ubuntu Security Notice USN-4315-1
Posted Apr 2, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4315-1 - Maximilien Bourgeteau discovered that the Apport lock file was created with insecure permissions. This could allow a local attacker to escalate their privileges via a symlink attack. Maximilien Bourgeteau discovered a race condition in Apport when setting crash report permissions. This could allow a local attacker to read arbitrary files via a symlink attack.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-8831, CVE-2020-8833
MD5 | d0b37915b1226aaca515786d4db120d2
Ubuntu Security Notice USN-4314-1
Posted Apr 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4314-1 - Russ Allbery discovered that pam-krb5 incorrectly handled some responses. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-10595
MD5 | 391dffe0fa714c322c6cfd265fd71b57
Ubuntu Security Notice USN-4311-1
Posted Mar 30, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4311-1 - It was discovered that BlueZ incorrectly handled bonding HID and HOGP devices. A local attacker could possibly use this issue to impersonate non-bonded devices. It was discovered that BlueZ incorrectly handled certain commands. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2016-7837, CVE-2020-0556
MD5 | 003f02799609a41d0332d6037d56d870
Ubuntu Security Notice USN-4313-1
Posted Mar 30, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4313-1 - Manfred Paul discovered that the bpf verifier in the Linux kernel did not properly calculate register bounds for certain operations. A local attacker could use this to expose sensitive information or gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-8835
MD5 | 64238cff52e7aff48c4ad8bc4b0032f4
Ubuntu Security Notice USN-4312-1
Posted Mar 30, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4312-1 - Matthias Gerstner discovered that Timeshift did not securely create temporary files. An attacker could exploit a race condition in Timeshift and potentially execute arbitrary commands as root.

tags | advisory, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2020-10174
MD5 | 51355f6e192c7fbad0b80169911ffd45
Ubuntu Security Notice USN-4310-1
Posted Mar 30, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4310-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2020-10018
MD5 | ddd7bc5bb510c51d26056ea6338792b8
Ubuntu Security Notice USN-4308-2
Posted Mar 30, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4308-2 - USN-4308-1 fixed several vulnerabilities in Twisted. This update provides the corresponding update for Ubuntu 14.04 ESM. it was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. Various other issues were also addressed.

tags | advisory, remote, web, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-12387, CVE-2019-12855, CVE-2020-10109
MD5 | b43b434bb001678ba973b3bd6564e349
Ubuntu Security Notice USN-4134-3
Posted Mar 24, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4134-3 - USN-4134-1 fixed a vulnerability in IBus. The update caused a regression in some Qt applications and the fix was subsequently reverted in USN-4134-2. The regression has since been resolved and so this update fixes the original vulnerability. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-14822
MD5 | ecbd4539ba1cca1ea187087487d91dbd
Ubuntu Security Notice USN-4309-1
Posted Mar 24, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4309-1 - It was discovered that Vim incorrectly handled certain sources. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-1110, CVE-2017-11109, CVE-2017-5953, CVE-2018-20786, CVE-2019-20079
MD5 | 7877e40a87f07d6e1c5fa5bd2c2ece11
Ubuntu Security Notice USN-4308-1
Posted Mar 19, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4308-1 - it was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. It was discovered that Twisted incorrectly verified XMPP TLS certificates. A remote attacker could possibly use this issue to perform a man-in-the-middle attack and obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2019-12387, CVE-2019-12855, CVE-2019-9515, CVE-2020-10109
MD5 | 58561d55ac4406af56c6957961d6a8f3
Ubuntu Security Notice USN-4307-1
Posted Mar 19, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4307-1 - As a security improvement, this update adds TLSv1.3 support to the Apache HTTP Server package in Ubuntu 18.04 LTS. TLSv1.3 is enabled by default, and in certain environments may cause compatibility issues. The SSLProtocol directive may be used to disable TLSv1.3 in these problematic environments.

tags | advisory, web
systems | linux, ubuntu
MD5 | e2a253b437a5a244f9517bf9600a61ec
Ubuntu Security Notice USN-4171-5
Posted Mar 18, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4171-5 - USN-4171-1 fixed vulnerabilities in Apport. This caused a regression in autopkgtest and python2 compatibility. This update fixes the problem. Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. Sander Bos discovered Apport mishandled lock-file creation. This could be used by a local attacker to cause a denial of service against Apport. Kevin Backhouse discovered Apport read various process-specific files with elevated privileges during crash dump generation. This could could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. Various other issues were also addressed.

tags | advisory, denial of service, local, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-11481, CVE-2019-11482, CVE-2019-11483, CVE-2019-11485, CVE-2019-15790
MD5 | b7c1da16b8ea42319c7c7dcf19894e3d
Ubuntu Security Notice USN-4306-1
Posted Mar 18, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4306-1 - It was discovered that Dino incorrectly validated inputs. An attacker could use this issue to possibly obtain, inject or remove sensitive information. This update also includes a fix to the encryption implementation in Dino to support 12 byte IVs, in addition to 16 byte IVs.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-16235
MD5 | 893d3685437aa9b3ccdcd8bd7da84ef0
Ubuntu Security Notice USN-4305-1
Posted Mar 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4305-1 - Andre Bargull discovered that ICU incorrectly handled certain strings. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-10531
MD5 | cda7b825a9de8dec9cf60b491e1c9467
Ubuntu Security Notice USN-4304-1
Posted Mar 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4304-1 - Or Friedman discovered that Ceph incorrectly handled disconnects. A remote authenticated attacker could possibly use this issue to cause Ceph to consume resources, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-1700
MD5 | 4f49a6d1d405edb5e63b241e2bccd792
Ubuntu Security Notice USN-4303-1
Posted Mar 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4303-1 - Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested guest access the resources of a parent guest in certain situations. An attacker could use this to expose sensitive information.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2020-2732
MD5 | 2f7b31b887ff959d2fd1fa9d1e84e67d
Ubuntu Security Notice USN-4303-2
Posted Mar 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4303-2 - USN-4303-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested guest access the resources of a parent guest in certain situations. An attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-2732
MD5 | a78140dff5caa78fc9f538a626d51f66
Ubuntu Security Notice USN-4302-1
Posted Mar 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4302-1 - Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested guest access the resources of a parent guest in certain situations. An attacker could use this to expose sensitive information. Gregory Herrero discovered that the fix for CVE-2019-14615 to address the Linux kernel not properly clearing data structures on context switches for certain Intel graphics processors was incomplete. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-15217, CVE-2019-19046, CVE-2019-19051, CVE-2019-19056, CVE-2019-19058, CVE-2019-19066, CVE-2019-19068, CVE-2020-2732, CVE-2020-8832
MD5 | 399774618ce50a03b46b4f27b7f87a67
Ubuntu Security Notice USN-4301-1
Posted Mar 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4301-1 - It was discovered that the KVM implementation in the Linux kernel, when paravirtual TLB flushes are enabled in guests, the hypervisor in some situations could miss deferred TLB flushes or otherwise mishandle them. An attacker in a guest VM could use this to expose sensitive information. Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested guest access the resources of a parent guest in certain situations. An attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2019-19053, CVE-2019-19056, CVE-2019-19059, CVE-2019-19066, CVE-2019-19068, CVE-2019-3016, CVE-2020-2732
MD5 | 6b921a608ab319902047d0ad4c3538bd
Ubuntu Security Notice USN-4300-1
Posted Mar 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4300-1 - It was discovered that the KVM implementation in the Linux kernel, when paravirtual TLB flushes are enabled in guests, the hypervisor in some situations could miss deferred TLB flushes or otherwise mishandle them. An attacker in a guest VM could use this to expose sensitive information. Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested guest access the resources of a parent guest in certain situations. An attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2019-18809, CVE-2019-19043, CVE-2019-19053, CVE-2019-19056, CVE-2019-19058, CVE-2019-19059, CVE-2019-19064, CVE-2019-19066, CVE-2019-19068, CVE-2019-3016, CVE-2020-2732
MD5 | caa07f46355fbda12c3113a6958695d0
Ubuntu Security Notice USN-4299-1
Posted Mar 12, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4299-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the URL or other browser chrome, obtain sensitive information, bypass Content Security Policy protections, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2019-20503, CVE-2020-6808, CVE-2020-6809, CVE-2020-6810, CVE-2020-6811, CVE-2020-6812, CVE-2020-6815
MD5 | 67cbdfdad2dfc914c5dc998ef6ee9902
Ubuntu Security Notice USN-4298-1
Posted Mar 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4298-1 - It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13753, CVE-2019-19880, CVE-2019-19923, CVE-2019-19924, CVE-2019-19925, CVE-2019-19926, CVE-2019-19959, CVE-2019-20218, CVE-2020-9327
MD5 | 25d6fa8a4777be059f8c4d0a4282fa53
Ubuntu Security Notice USN-4297-1
Posted Mar 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4297-1 - It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory and escalate privileges. This issue only affected Ubuntu 18.04 LTS. It was discovered that runC incorrectly performed access control. An attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-16884, CVE-2019-19921
MD5 | a3d8981993c427634845baf9e68183e0
Page 1 of 202
Back12345Next

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    20 Files
  • 3
    Apr 3rd
    10 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    0 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    0 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close