Ubuntu Security Notice 4695-1 - Choongwoo Han discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Jerzy Kramarz discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Various other issues were also addressed.
cc7f5a77193361f6afb87d4fc323cbb7Ubuntu Security Notice 4693-1 - It was discovered that an SQL injection vulnerability exists in the Ampache search engine. Any user able to perform searches could dump any data contained in the database. An attacker could use this to disclose sensitive information. It was discovered that an XSS vulnerability in Ampache. An attacker could use this vulnerability to force an admin to create a new privileged user. Various other issues were also addressed.
19e32413eae87248300241c7423c86b4Ubuntu Security Notice 4694-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data.
39bd5d296c952869b692a804fbc44d89Ubuntu Security Notice 4692-1 - Chris Siebenmann discovered that tar incorrectly handled extracting files resized during extraction when invoked with the --sparse flag. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Daniel Axtens discovered that tar incorrectly handled certain malformed tar files. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to cause tar to crash, resulting in a denial of service. Various other issues were also addressed.
344cbf5822690466c47037ca26772ba8Ubuntu Security Notice 4691-1 - Jonas Rudloff discovered that Open vSwitch incorrectly handled certain malformed LLDP packets. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code.
622199ebe49995537dcf295a4a531f9dUbuntu Security Notice 4690-1 - It was discovered that coTURN allowed peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. A malicious user could use this vulnerability to insert packages into the loopback interface.
a250c57907fc4d20314b01267251dffcUbuntu Security Notice 4689-2 - USN-4689-1 fixed vulnerabilities in the NVIDIA graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. Various other issues were also addressed.
5400659ba37710eaa6b249f1d24c9de7Ubuntu Security Notice 4649-2 - USN-4649-1 fixed vulnerabilities in xdg-utils. That update caused a regression by removing the --attach functionality in thunderbird and others applications. This update fix the problem by reverting these changes. Jens Mueller discovered that xdg-utils incorrectly handled certain URI. An attacker could possibly use this issue to expose sensitive information. Various other issues were also addressed.
e3181c84ebf88124fc8440988b2185acUbuntu Security Notice 4689-1 - It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. It was discovered that the NVIDIA GPU display driver for the Linux kernel did not properly validate a pointer received from userspace in some situations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
981d1a54d362e0eb1a220d6c10591e46Ubuntu Security Notice 4668-4 - USN-4668-1 fixed a vulnerability in python-apt. This update provides the corresponding update for Ubuntu 14.04 ESM. Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service. Various other issues were also addressed.
547dc78aa1e891e8e1a6f4156108a0f0Ubuntu Security Notice 4667-2 - USN-4667-1 fixed a vulnerability in APT. This update provides the corresponding update for Ubuntu 14.04 ESM. Kevin Backhouse discovered that APT incorrectly handled certain packages. A local attacker could possibly use this issue to cause APT to crash or stop responding, resulting in a denial of service. Various other issues were also addressed.
b02790b890a4077db710c9e9f926d953Ubuntu Security Notice 4688-1 - It was discovered that Jasper incorrectly certain files. An attacker could possibly use this issue to cause a crash. It was discovered that Jasper incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Jasper incorrectly handled certain JPC encoders. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
a965c42895b4f69c78c1d6469bf754dbUbuntu Security Notice 4687-1 - A use-after-free was discovered in Firefox when handling SCTP packets. An attacker could potentially exploit this to cause a denial of service, or execute arbitrary code.
8b8168d3ee3d2c80f6d055fe05c6c894Ubuntu Security Notice 4684-1 - Laszlo Ersek discovered that EDK II incorrectly validated certain signed images. An attacker could possibly use this issue with a specially crafted image to cause EDK II to hang, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that EDK II incorrectly parsed signed PKCS #7 data. An attacker could use this issue to cause EDK II to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
1751a770e1cc64cf0203b6e4506c808eUbuntu Security Notice 4685-1 - It was discovered that OpenJPEG incorrectly handled certain image data. An attacker could use this issue to cause OpenJPEG to crash, leading to a denial of service, or possibly execute arbitrary code.
441106d86f85ccadec1d3c14e6567734Ubuntu Security Notice 4686-1 - It was discovered that Ghostscript incorrectly handled certain image files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code.
4cd68750ef2abd5f6b9640ef33177e4fUbuntu Security Notice 4683-1 - Minh Yuan discovered that the framebuffer console driver in the Linux kernel did not properly handle fonts in some conditions. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
7fbd2df16ee169fac1041dc6ef729402Ubuntu Security Notice 4677-2 - USN-4677-1 fixed a vulnerability in p11-kit. This update provides the corresponding update for Ubuntu 14.04 ESM. David Cook discovered that p11-kit incorrectly handled certain memory operations. An attacker could use this issue to cause p11-kit to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
f0cd253812e585b78a6df0d24f050a4cUbuntu Security Notice 4682-1 - It was discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to execute arbitrary code or cause a crash.
071a6f4ed83c58b35aaeadaa4f78066aUbuntu Security Notice 4681-1 - Ryan Hall discovered that the Intel 700 Series Ethernet Controllers driver in the Linux kernel did not properly deallocate memory in some conditions. A local attacker could use this to cause a denial of service. It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
91670808904d9a205af1af1baa6a1ec2Ubuntu Security Notice 4680-1 - It was discovered that debugfs in the Linux kernel as used by blktrace contained a use-after-free in some situations. A privileged local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
d9396f87744b985c8e687f3925ea532cUbuntu Security Notice 4679-1 - It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information. Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local attacker could possibly use this to expose sensitive information. Kiyin discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service. Various other issues were also addressed.
1ace1ae8d4759419772bc1a1bdf880c4Ubuntu Security Notice 4678-1 - It was discovered that the AMD Running Average Power Limit driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information. Jann Horn discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations. A local attacker could use this to expose sensitive information or possibly escalate privileges. Various other issues were also addressed.
b3036de92a3edb42e7057a8095180d7cUbuntu Security Notice 4677-1 - David Cook discovered that p11-kit incorrectly handled certain memory operations. An attacker could use this issue to cause p11-kit to crash, resulting in a denial of service, or possibly execute arbitrary code.
21b501626a34f8159219ffcf33d54c15Ubuntu Security Notice 4676-1 - It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.
590de48f77cba77bf4361c2d44509710
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed