
Files from Ubuntu

Email address: security at ubuntu.com
First Active: 2004-10-28
Last Active: 2023-02-06

Ubuntu Security Notice USN-5842-1
Posted Feb 6, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5842-1 - Mark Esler and David Fernandez Gonzalez discovered that EditorConfig Core C incorrectly handled memory when handling certain inputs. An attacker could possibly use this issue to cause applications using EditorConfig Core C to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-0341
SHA-256 | 91d72bd30044e467e8564947c64ad93c38ac37b57cd995da0d690e3fe2408a28
Ubuntu Security Notice USN-5824-1
Posted Feb 6, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5824-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, perform cross-site tracing, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-45403, CVE-2022-45405, CVE-2022-45406, CVE-2022-45408, CVE-2022-45410, CVE-2022-45411, CVE-2022-45412, CVE-2022-45414, CVE-2022-45416, CVE-2022-45420, CVE-2022-45421, CVE-2022-46871, CVE-2022-46872, CVE-2022-46874
SHA-256 | 81782ffc0ab62b78ae676ec823ae25c5a4f536fbe51970837da19909f9a4ca01
Ubuntu Security Notice USN-5825-2
Posted Feb 6, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5825-2 - USN-5825-1 fixed vulnerabilities in PAM. Unfortunately that update was incomplete and could introduce a regression. This update fixes the problem. It was discovered that PAM did not correctly restrict login from an IP address that is not resolvable via DNS. An attacker could possibly use this issue to bypass authentication.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-28321
SHA-256 | 7f177f2fcd2276c915de560cfcdaae5a44f2f39f4cf639638eb1f5c64b2cd35b
Ubuntu Security Notice USN-5816-2
Posted Feb 6, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5816-2 - USN-5816-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Tom Schuster discovered that Firefox was not performing a validation check on GTK drag data. An attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-23597, CVE-2023-23598, CVE-2023-23599, CVE-2023-23601, CVE-2023-23602, CVE-2023-23603, CVE-2023-23604, CVE-2023-23606
SHA-256 | ac080c4b3790efbaf876e4fa1ba3505424a80943ca230f29f3ed885731cb5053
Ubuntu Security Notice USN-5841-1
Posted Feb 3, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5841-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue was only fixed in Ubuntu 14.04 ESM. It was discovered that LibTIFF was incorrectly accessing a data structure when processing data with the tiffcrop tool, which could lead to a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-14973, CVE-2022-3970, CVE-2022-48281
SHA-256 | cbe9c14c1c61f1e72805460a674a83621386dcffb0deacb1ce4f8bc501b7c91b
Ubuntu Security Notice USN-5840-1
Posted Feb 2, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5840-1 - It was discovered that Long Range ZIP incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted ZIP file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that Long Range ZIP incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted ZIP file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-5786, CVE-2020-25467, CVE-2022-26291, CVE-2022-28044
SHA-256 | 9a44f0d2bed4147e3d0aa4ccbb3fa4d294f76644a80ec7e108bb809222832a52
Ubuntu Security Notice USN-5839-2
Posted Feb 2, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5839-2 - USN-5839-1 fixed a vulnerability in Apache. This update provides the corresponding update for Ubuntu 16.04 ESM. Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server mod_proxy module incorrectly truncated certain response headers. This may result in later headers not being interpreted by the client.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2022-37436
SHA-256 | 88bbb9c94fe3256a0566b413057cbed30e02f6f704fa38ef380217859e89feb2
Ubuntu Security Notice USN-5838-1
Posted Feb 1, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5838-1 - It was discovered that AdvanceCOMP did not properly manage memory while performing read operations on MNG files. If a user were tricked into opening a specially crafted MNG file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service. It was discovered that AdvanceCOMP did not properly manage memory while performing read operations on ZIP files. If a user were tricked into opening a specially crafted ZIP file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-35014, CVE-2022-35018, CVE-2022-35020
SHA-256 | 51d4e5a2e0a6df65689e8d7a335a40c36fc5a84df4a2489eebba63551dc26c38
Ubuntu Security Notice USN-5837-2
Posted Feb 1, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5837-2 - USN-5837-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 16.04 ESM. Nick Pope discovered that Django incorrectly handled certain Accept-Language headers. A remote attacker could possibly use this issue to cause Django to consume memory, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-23969
SHA-256 | 1258c9d42c34f23238ae4659494b2ab12495cb166903f1fc143f498b5d021672
Ubuntu Security Notice USN-5839-1
Posted Feb 1, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5839-1 - It was discovered that the Apache HTTP Server mod_dav module incorrectly handled certain If: request headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. ZeddYu_Lu discovered that the Apache HTTP Server mod_proxy_ajp module incorrectly interpreted certain HTTP Requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2006-20001, CVE-2022-36760, CVE-2022-37436
SHA-256 | 51cd55c0a4d0ca801aadbd2957e3cf62a2298f81b93aff2b7cd8508a8614cf0c
Ubuntu Security Notice USN-5837-1
Posted Feb 1, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5837-1 - Nick Pope discovered that Django incorrectly handled certain Accept-Language headers. A remote attacker could possibly use this issue to cause Django to consume memory, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-23969
SHA-256 | ddc4a1a3b076b54a17094997d9f5e44de99e5a974a151c5539a5b7cf54af5773
Ubuntu Security Notice USN-4781-2
Posted Feb 1, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4781-2 - USN-4781-1 fixed several vulnerabilities in Slurm. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Slurm incorrectly handled certain messages between the daemon and the user. An attacker could possibly use this issue to assume control of an arbitrary file on the system. This issue only affected Ubuntu 16.04 ESM.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-10030, CVE-2017-15566, CVE-2018-10995, CVE-2018-7033, CVE-2019-6438, CVE-2020-12693, CVE-2020-27745, CVE-2020-27746, CVE-2021-31215
SHA-256 | 59515a2b771f58c345614b48a32221dcb6959e15bd4041dfd89c08c06148282c
Ubuntu Security Notice USN-5836-1
Posted Jan 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5836-1 - It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-47024, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433
SHA-256 | 695585aeade2a3c26904b99549588433713177c334b05ed806179ae8d4af1b8f
Ubuntu Security Notice USN-5834-1
Posted Jan 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5834-1 - It was discovered that the Apache HTTP Server mod_dav module did not properly handle specially crafted request headers. A remote attacker could possibly use this issue to cause the process to crash, leading to a denial of service. It was discovered that the Apache HTTP Server mod_proxy_ajp module did not properly handle certain invalid Transfer-Encoding headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2006-20001, CVE-2022-36760
SHA-256 | 6efee65211f04fee00bb50c4c029fc349fc21db0290cb03b636a2739c23b1a93
Ubuntu Security Notice USN-5835-3
Posted Jan 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5835-3 - Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Nova incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-47951
SHA-256 | 4f0a5499385b4c636708b12bdb6f9102c53b1da14fe9a66a60cebc7215b1cfbe
Ubuntu Security Notice USN-5835-2
Posted Jan 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5835-2 - Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that OpenStack Glance incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-47951
SHA-256 | 3fb505612e419d1d2c3f5347e187d7b947f82bc4c448a5a408057987d90c1572
Ubuntu Security Notice USN-5835-1
Posted Jan 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5835-1 - Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Cinder incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-47951
SHA-256 | c3b02490c9fb9598caf6f78dca5d1608afdcf55d22ee7f8ae3e403ca232a9dcc
Ubuntu Security Notice USN-5833-1
Posted Jan 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5833-1 - Sebastian Chnelik discovered that python-future incorrectly handled certain HTTP header fields. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, web, denial of service, python
systems | linux, ubuntu
advisories | CVE-2022-40899
SHA-256 | d15cff8644784b9d4f12f574dd93984e0f0dfda35c43880b6bf30496f902b79a
Ubuntu Security Notice USN-5832-1
Posted Jan 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5832-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-3643, CVE-2022-42896, CVE-2022-4378, CVE-2022-45934
SHA-256 | b242d051794285ce6fb5ea0e2560337d6d70a05108712a3794e5a8724e9960af
Ubuntu Security Notice USN-5811-3
Posted Jan 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5811-3 - USN-5811-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 14.04 ESM. Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly handled user-specified editors when using the sudoedit command. A local attacker that has permission to use the sudoedit command could possibly use this issue to edit arbitrary files.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2023-22809
SHA-256 | f1dcb425e05dbefdeb5273307dd7c4045c531a34effb1aeaf896da8bb14e6bc0
Ubuntu Security Notice USN-5823-3
Posted Jan 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5823-3 - USN-5823-1 fixed vulnerabilities in MySQL. Unfortunately, 8.0.32 introduced a regression in MySQL Router preventing connections from PyMySQL. This update reverts most of the changes in MySQL Router to 8.0.31 until a proper fix can be found.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | b8ac95e55ea3957072052db22cac0e9634cab9125d40797d3c5c360bd6df4ac5
Ubuntu Security Notice USN-5831-1
Posted Jan 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5831-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-3643, CVE-2022-42896, CVE-2022-4378, CVE-2022-45934
SHA-256 | b293ed3b171badbd869822b922ca5fe2bc5f7cdd18d474068ad2b6b97a51bc5f
Ubuntu Security Notice USN-5830-1
Posted Jan 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5830-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-3643, CVE-2022-42896, CVE-2022-43945, CVE-2022-45934
SHA-256 | 6e68f50f18b8299b6053e750db628304a61fb6f1ccf4186312d8814b9ac32cfd
Ubuntu Security Notice USN-5822-2
Posted Jan 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5822-2 - USN-5822-1 fixed vulnerabilities in Samba. The update for Ubuntu 20.04 LTS introduced regressions in certain environments. Pending investigation of these regressions, this update temporarily reverts the security fixes. It was discovered that Samba incorrectly handled the bad password count logic. It was discovered that Samba supported weak RC4/HMAC-MD5 in NetLogon Secure Channel. Greg Hudson discovered that Samba incorrectly handled PAC parsing. Joseph Sutton discovered that Samba could be forced to issue rc4-hmac encrypted Kerberos tickets.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-20251, CVE-2022-3437, CVE-2022-38023, CVE-2022-42898, CVE-2022-45141
SHA-256 | f718e90d7add248ca99e3552b0f274b6f861ca5ceefde619cf3bde7fa83d130a
Ubuntu Security Notice USN-5829-1
Posted Jan 26, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5829-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-3643, CVE-2022-42896, CVE-2022-43945, CVE-2022-45934
SHA-256 | aad823e9a2aa345a90ba89b0bbadac4b45a7aad04940b487e28febdc9f15b3ff