Ubuntu Security Notice 4596-1 - It was discovered that Tomcat did not properly manage HTTP/2 streams. An attacker could possibly use this to cause Tomcat to consume resources, resulting in a denial of service. It was discovered that Tomcat did not properly release the HTTP/1.1 processor after the upgrade to HTTP/2. An attacker could possibly use this to generate an OutOfMemoryException, resulting in a denial of service. Various other issues were also addressed.
9c7bf230e29a045c5b7a3d87aa96b325Ubuntu Security Notice 4595-1 - It was discovered that Grunt did not properly load yaml files. An attacker could possibly use this to execute arbitrary code.
e1ac33c4930fe12fca5c85c0a9fb888aUbuntu Security Notice 4594-1 - It was discovered that Quassel incorrectly handled Qdatastream protocol. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Quassel incorrectly handled certain login requests. A remote attacker could possibly use this issue to cause a denial of service.
09feead29d4e43821693a19b2ad24befUbuntu Security Notice 4593-1 - Sergei Glazunov discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
e2d87527b97b4f6bcee00e01fde7e52aUbuntu Security Notice 4592-1 - Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information. Various other issues were also addressed.
ea8ffa29056c97fd916af3807500cfd8Ubuntu Security Notice 4591-1 - Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information. Various other issues were also addressed.
5d0eee3a0d51a48fdc43a1f3e9d24038Ubuntu Security Notice 4590-1 - It was discovered that Collabtive did not properly validate avatar image file uploads. An authenticated user could exploit this with a crafted file to cause Collabtive to execute arbitrary code.
179fd7eba43ef7a3691ef8f62753e5e7Ubuntu Security Notice 4546-2 - USN-4546-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting attacks, spoof the site displayed in the download dialog, or execute arbitrary code. Various other issues were also addressed.
fb28fc67ccf3d5335d2f50642f5cdb2fUbuntu Security Notice 4584-1 - It was discovered that HtmlUnit incorrectly initialized Rhino engine. An attacker could possibly use this issue to execute arbitrary Java code.
b7189a4381921c21c27a3059b8f5a87fUbuntu Security Notice 4585-1 - It was discovered that Newsbeuter didn't handle the command line input properly. An remote attacker could use it to ran remote code by crafting a special input file. It was discovered that Newsbeuter didn't handle metacharacters in its filename properly. An remote attacker could use it to ran remote code by crafting a special filename.
328a24e2a98284b91341a4629d487991Ubuntu Security Notice 4589-2 - USN-4589-1 fixed a vulnerability in containerd. This update provides the corresponding update for docker.io. It was discovered that containerd could be made to expose sensitive information when processing URLs in container image manifests. A remote attacker could use this to trick the user and obtain the user's registry credentials. Various other issues were also addressed.
0ff1cab3c8d8dd33e88294428bb3c3f2Ubuntu Security Notice 4589-1 - It was discovered that containerd could be made to expose sensitive information when processing URLs in container image manifests. A remote attacker could use this to trick the user and obtain the user's registry credentials.
6b7595a2ebb73feb35765b548371311fUbuntu Security Notice 4583-1 - It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease security or cause incorrect encryption data. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that PHP incorrectly handled certain HTTP cookies. An attacker could possibly use this issue to forge cookie which is supposed to be secure. Various other issues were also addressed.
12cf9b32480b82e7ad683d2a4b2e6274Ubuntu Security Notice 4582-1 - It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS. It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted mode and execute arbitrary commands. Note: This update only makes executing shell commands more difficult. Restricted mode should not be considered a complete security measure. Various other issues were also addressed.
e6159e2f38d8be01d2ed2841a3b41473Ubuntu Security Notice 4581-1 - It was discovered that Python incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection.
d903afd0dba27fdfc0f4fd0f7a1735b8Ubuntu Security Notice 4580-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
47ad87c37ce75e1cc13c79f7ebbb8cfaUbuntu Security Notice 4579-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that the XFS file system in the Linux kernel did not properly validate inode metadata in some situations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.
add5a165267e2db5c97379f45065737eUbuntu Security Notice 4578-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that the XFS file system in the Linux kernel did not properly validate inode metadata in some situations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.
d9b01e11bdf2b74c3573fcc5c0826039Ubuntu Security Notice 4577-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Giuseppe Scrivano discovered that the overlay file system in the Linux kernel did not properly perform permission checks in some situations. A local attacker could possibly use this to bypass intended restrictions and gain read access to restricted files. Various other issues were also addressed.
c65fe18f5d37112dbf0049f05d753dd1Ubuntu Security Notice 4576-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
73dae97a670b565b41f5e2687d970fc6Ubuntu Security Notice 4575-1 - It was discovered that dom4j incorrectly handled reading XML data. A remote attacker could exploit this with a crafted XML file to expose sensitive data or possibly execute arbitrary code.
13c22771427bf9520a58b64280918187Ubuntu Security Notice 4574-1 - It was discovered that libseccomp-golang did not properly generate BPFs. If a process were running under a restrictive seccomp filter that specified multiple syscall arguments, the application could potentially bypass the intended restrictions put in place by seccomp.
9af66676e5cc0bf6720f222313111374Ubuntu Security Notice 4572-2 - USN-4572-1 fixed a vulnerability in Spice. This update provides the corresponding update for Ubuntu 14.04 ESM. Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
f75b1a3129973828757d92800d60a53fUbuntu Security Notice 4573-1 - Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. It was discovered that Vino incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
b820dbcb8494dae534a235f1446d17cbUbuntu Security Notice 4572-1 - Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.
10fa47bbba4baa38f799be96ba28941f
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed