what you don't know can hurt you
Showing 1 - 25 of 5,225 RSS Feed

Files from Ubuntu

Email addresssecurity at ubuntu.com
First Active2004-10-28
Last Active2020-08-14
Ubuntu Security Notice USN-4459-1
Posted Aug 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4459-1 - It was discovered that Salt allows remote attackers to determine which files exist on the server. An attacker could use that to extract sensitive information. It was discovered that Salt has a vulnerability that allows an user to bypass authentication. An attacker could use that to extract sensitive information, execute arbitrary code or crash the server. It was discovered that Salt is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-15750, CVE-2018-15751, CVE-2019-17361, CVE-2020-11652
MD5 | fab02805099e5ba345f240d307c51f20
Ubuntu Security Notice USN-4458-1
Posted Aug 13, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4458-1 - Fabrice Perez discovered that the Apache mod_rewrite module incorrectly handled certain redirects. A remote attacker could possibly use this issue to perform redirects to an unexpected URL. Chamal De Silva discovered that the Apache mod_proxy_ftp module incorrectly handled memory when proxying to a malicious FTP server. A remote attacker could possibly use this issue to obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2020-11984, CVE-2020-11993, CVE-2020-1927, CVE-2020-1934, CVE-2020-9490
MD5 | 7140a6d9fa7d076a14e596e4242f90fd
Ubuntu Security Notice USN-4457-1
Posted Aug 12, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4457-1 - Jason A. Donenfeld discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If a user were tricked into adding an arbitrary PPA, a remote attacker could possibly manipulate the screen.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-15709
MD5 | ecb41f82ad36c486d2149a4f5bc4a612
Ubuntu Security Notice USN-4456-1
Posted Aug 12, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4456-1 - It was discovered that Dovecot incorrectly handled deeply nested MIME parts. A remote attacker could possibly use this issue to cause Dovecot to consume resources, resulting in a denial of service. It was discovered that Dovecot incorrectly handled memory when using NTLM. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. It was discovered that the Dovecot RPA mechanism incorrectly handled zero-length messages. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-12100, CVE-2020-12673, CVE-2020-12674
MD5 | 575687b073f155d6229f47d4d093a9f3
Ubuntu Security Notice USN-4454-2
Posted Aug 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4454-2 - USN-4454-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Martin von Wittich and Wilko Meyer discovered that Samba incorrectly handled certain empty UDP packets when being used as a AD DC NBT server. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, udp
systems | linux, ubuntu
advisories | CVE-2020-14303
MD5 | 28286858828b581194abde5675e0a025
Ubuntu Security Notice USN-4455-1
Posted Aug 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4455-1 - It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-12400
MD5 | 2f3a49b001cc039e26024aa57b1ee4ad
Ubuntu Security Notice USN-4454-1
Posted Aug 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4454-1 - Martin von Wittich and Wilko Meyer discovered that Samba incorrectly handled certain empty UDP packets when being used as a AD DC NBT server. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service.

tags | advisory, remote, denial of service, udp
systems | linux, ubuntu
advisories | CVE-2020-14303
MD5 | 4d727511174b362f017cea4d57f55db7
Ubuntu Security Notice USN-4451-2
Posted Aug 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4451-2 - USN-4451-1 fixed a vulnerability in ppp. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Thomas Chauchefoin discovered that ppp incorrectly handled module loading. A local attacker could use this issue to load arbitrary kernel modules and possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-15704
MD5 | e87d8f20499aa2e18c7cd3040c62a44f
Ubuntu Security Notice USN-4453-1
Posted Aug 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4453-1 - Johannes Kuhn discovered that OpenJDK 8 incorrectly handled access control contexts. An attacker could possibly use this issue to execute arbitrary code. Philippe Arteau discovered that OpenJDK 8 incorrectly verified names in TLS server's X.509 certificates. An attacker could possibly use this issue to obtain sensitive information. It was discovered that OpenJDK 8 incorrectly handled exceptions in DerInputStream class and in the DerValue.equals method. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-14556, CVE-2020-14577, CVE-2020-14581, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621
MD5 | a0c890f204d84cac8ed235ff33fa9d9a
Ubuntu Security Notice USN-4441-2
Posted Aug 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4441-2 - USN-4441-1 fixed vulnerabilities in MySQL. The new upstream version changed compiler options and caused a regression in certain scenarios. This update fixes the problem. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.

tags | advisory, vulnerability
systems | linux, ubuntu
MD5 | be47d3c959e593a5765b5e138182c543
Ubuntu Security Notice USN-4432-2
Posted Aug 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4432-2 - USN-4432-1 fixed vulnerabilities in GRUB2 affecting Secure Boot environments. Unfortunately, the update introduced regressions for some BIOS systems , preventing them from successfully booting. This update addresses the issue. Users with BIOS systems that installed GRUB2 versions from USN-4432-1 should verify that their GRUB2 installation has a correct understanding of their boot device location and installed the boot loader correctly. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-10713, CVE-2020-14308, CVE-2020-14310, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707
MD5 | 1a353a8cdb06e7e9c9325c3947e45ffd
Ubuntu Security Notice USN-4452-1
Posted Aug 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4452-1 - Trent Shea discovered that the libvirt package set incorrect permissions on the UNIX domain socket. A local attacker could use this issue to access libvirt and escalate privileges.

tags | advisory, local
systems | linux, unix, ubuntu
advisories | CVE-2020-15708
MD5 | 26191b7d77a8f9fcfdc7f39ef50e7b2d
Ubuntu Security Notice USN-4450-1
Posted Aug 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4450-1 - Seong-Joong Kim discovered that Whoopsie incorrectly handled memory. A local attacker could use this issue to cause Whoopsie to consume memory, resulting in a denial of service. Seong-Joong Kim discovered that Whoopsie incorrectly handled parsing files. A local attacker could use this issue to cause Whoopsie to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-11937, CVE-2020-12135, CVE-2020-15570
MD5 | 8a56b151952311fb68e4412ae9c9a5b1
Ubuntu Security Notice USN-4451-1
Posted Aug 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4451-1 - Thomas Chauchefoin discovered that ppp incorrectly handled module loading. A local attacker could use this issue to load arbitrary kernel modules and possibly execute arbitrary code.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-15704
MD5 | dba7822ad99b626b4da28d4558490343
Ubuntu Security Notice USN-4448-1
Posted Aug 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4448-1 - It was discovered that Tomcat incorrectly validated the payload length in a WebSocket frame. A remote attacker could possibly use this issue to cause Tomcat to hang, resulting in a denial of service. It was discovered that Tomcat incorrectly handled HTTP header parsing. In certain environments where Tomcat is located behind a reverse proxy, a remote attacker could possibly use this issue to perform HTTP Request Smuggling. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2020-13935, CVE-2020-1935, CVE-2020-9484
MD5 | f490bd6674a82d8af4d84ba15996c17f
Ubuntu Security Notice USN-4449-1
Posted Aug 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4449-1 - Ryota Shiga discovered that Apport incorrectly dropped privileges when making certain D-Bus calls. A local attacker could use this issue to read arbitrary files. Seong-Joong Kim discovered that Apport incorrectly parsed configuration files. A local attacker could use this issue to cause Apport to crash, resulting in a denial of service. Ryota Shiga discovered that Apport incorrectly implemented certain checks. A local attacker could use this issue to escalate privileges and run arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-11936, CVE-2020-15701, CVE-2020-15702
MD5 | ccdc98754ed6d235718171b799686bca
Ubuntu Security Notice USN-4447-1
Posted Aug 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4447-1 - It was discovered that libssh incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2020-16135
MD5 | cec1d8fcd7514e57e050ad3fee686a21
Ubuntu Security Notice USN-4298-2
Posted Aug 4, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4298-2 - USN-4298-1 fixed several vulnerabilities in SQLite. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13753, CVE-2019-19926
MD5 | d1de1d9403a24bcb05ee45c057fd3d41
Ubuntu Security Notice USN-4445-1
Posted Aug 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4445-1 - It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code,

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-15900
MD5 | e5cd22ad9394fc8739acbf87db5ba61d
Ubuntu Security Notice USN-4446-1
Posted Aug 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4446-1 - Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2019-12520, CVE-2019-12523, CVE-2019-12524, CVE-2019-18676
MD5 | 0645410abcb063dfc2a9e47806b54c82
Ubuntu Security Notice USN-4444-1
Posted Aug 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4444-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2020-9862, CVE-2020-9915
MD5 | 41e64fcb2adc18e2a3f8f179c1a36e11
Ubuntu Security Notice USN-4432-1
Posted Jul 30, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4432-1 - Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. Chris Coulson discovered that the GRUB2 function handling code did not properly handle a function being redefined, leading to a use-after-free vulnerability. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. Various other issues were also addressed.

tags | advisory, overflow, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-10713, CVE-2020-14308, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707
MD5 | e8c8115375ad07c3a69fd6d3665f7dd3
Ubuntu Security Notice USN-4443-1
Posted Jul 30, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4443-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass iframe sandbox restrictions, confuse the user, or execute arbitrary code. It was discovered that redirected HTTP requests which are observed or modified through a web extension could bypass existing CORS checks. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit this to obtain sensitive information across origins. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-15652, CVE-2020-15653, CVE-2020-15654, CVE-2020-15655, CVE-2020-15656, CVE-2020-15659, CVE-2020-6514
MD5 | d80178008eece3baac547d3e0382ff43
Ubuntu Security Notice USN-4436-2
Posted Jul 29, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4436-2 - USN-4436-1 fixed a vulnerability in librsvg. The upstream fix caused a regression when parsing certain SVG files. This update backs out the fix pending further investigation. It was discovered that librsvg incorrectly handled parsing certain SVG files. A remote attacker could possibly use this issue to cause librsvg to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. It was discovered that librsvg incorrectly handled parsing certain SVG files with nested patterns. A remote attacker could possibly use this issue to cause librsvg to consume resources and crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-11464, CVE-2019-20446
MD5 | a1612bf1f32015d135edccb761c8574b
Ubuntu Security Notice USN-4442-1
Posted Jul 29, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4442-1 - Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP GET/POST requests. An attacker could possibly use this issue to insert, edit or obtain sensitive information. It was discovered that Sympa incorrectly handled URL parameters. An attacker could possibly use this issue to perform XSS attacks. Nicolas Chatelain discovered that Sympa incorrectly handled environment variables. An attacker could possibly use this issue with a setuid binary and gain root privileges. Various other issues were also addressed.

tags | advisory, web, root
systems | linux, ubuntu
advisories | CVE-2018-1000550, CVE-2018-1000671, CVE-2020-10936
MD5 | 20f797199f0e729d298e107ea0ae73eb
Page 1 of 209
Back12345Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    1 Files
  • 9
    Aug 9th
    2 Files
  • 10
    Aug 10th
    27 Files
  • 11
    Aug 11th
    11 Files
  • 12
    Aug 12th
    11 Files
  • 13
    Aug 13th
    17 Files
  • 14
    Aug 14th
    7 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close