Twenty Year Anniversary
Showing 51 - 75 of 4,398 RSS Feed

Files from Ubuntu

Email addresssecurity at ubuntu.com
First Active2004-10-28
Last Active2018-12-13
Ubuntu Security Notice USN-3816-1
Posted Nov 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3816-1 - Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. Jann Horn discovered a race condition in chown_one. A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2018-15686, CVE-2018-15687, CVE-2018-6954
MD5 | 0d1d149d094bc787a61b8d9a8420e7bb
Ubuntu Security Notice USN-3815-2
Posted Nov 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3815-2 - USN-3815-1 fixed a vulnerability in gettext. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that gettext incorrectly handled certain messages. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-18751
MD5 | 51e487332db90c74eb92afb810976bca
Ubuntu Security Notice USN-3815-1
Posted Nov 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3815-1 - It was discovered that gettext incorrectly handled certain messages. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-18751
MD5 | 55c08c31b7c8375fb97d655a18afabb1
Ubuntu Security Notice USN-3814-1
Posted Nov 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3814-1 - It was discovered libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2018-18584
MD5 | 08291f8fba97ca0ed220da4aeaf4801e
Ubuntu Security Notice USN-3813-1
Posted Nov 8, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3813-1 - It was discovered that pyOpenSSL incorrectly handled memory when handling X509 objects. A remote attacker could use this issue to cause pyOpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that pyOpenSSL incorrectly handled memory when performing operations on a PKCS #12 store. A remote attacker could possibly use this issue to cause pyOpenSSL to consume resources, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-1000807, CVE-2018-1000808
MD5 | 17ee1c5903a74363c12d44b59d9fe872
Ubuntu Security Notice USN-3812-1
Posted Nov 7, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3812-1 - It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. Gal Goldshtein discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive CPU usage, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2018-16843, CVE-2018-16844, CVE-2018-16845
MD5 | ff9df4d865e372ebb24923ea96bc6bb2
Ubuntu Security Notice USN-3810-1
Posted Nov 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3810-1 - Ivan Gotovchits discovered that ppp incorrectly handled the EAP-TLS protocol. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly bypass authentication.

tags | advisory, remote, denial of service, protocol
systems | linux, ubuntu
advisories | CVE-2018-11574
MD5 | bea0355887912e2020914ed77fd7dedf
Ubuntu Security Notice USN-3811-1
Posted Nov 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3811-1 - It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that SpamAssassin incorrectly handled meta rule syntax. A local attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2017-15705, CVE-2018-11780, CVE-2018-11781
MD5 | 7fcbfde9589d7977e424e44fe80a9ea7
Ubuntu Security Notice USN-3786-2
Posted Nov 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3786-2 - USN-3786-1 fixed several vulnerabilities in libxkbcommon. This update provides the corresponding update for Ubuntu 18.04 LTS. It was discovered that libxkbcommon incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-15853, CVE-2018-15857, CVE-2018-15862
MD5 | f69ed867096c658c6b1c088943632808
Ubuntu Security Notice USN-3809-1
Posted Nov 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3809-1 - Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2016-10708, CVE-2018-15473
MD5 | 2475ee67475aa1d9b41d74d41231f44e
Ubuntu Security Notice USN-3808-1
Posted Nov 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3808-1 - It was discovered that Ruby incorrectly handled certain X.509 certificates. An attacker could possibly use this issue to bypass the certificate check. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary, ruby
systems | linux, ubuntu
advisories | CVE-2018-16395, CVE-2018-16396
MD5 | 40861160d83fcf2ea2b6534d3fc4fe66
Ubuntu Security Notice USN-3807-1
Posted Nov 5, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3807-1 - Felix Wilhelm discovered that the NetworkManager internal DHCPv6 client incorrectly handled certain DHCPv6 messages. In non-default configurations where the internal DHCP client is enabled, an attacker on the same network could use this issue to cause NetworkManager to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-15688
MD5 | 7090d9f77e278da5d5637637cbc3037c
Ubuntu Security Notice USN-3806-1
Posted Nov 5, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3806-1 - Felix Wilhelm discovered that the systemd-networkd DHCPv6 client incorrectly handled certain DHCPv6 messages. In configurations where systemd-networkd is being used, an attacker on the same network could use this issue to cause systemd-networkd to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-15688
MD5 | 35680bf8b4d43558d98d86f89f440cf6
Ubuntu Security Notice USN-3805-2
Posted Nov 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3805-2 - USN-3805-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. Brian Carpenter discovered that the curl command-line tool incorrectly handled error messages. A remote attacker could possibly use this issue to obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2018-16842
MD5 | ad62d890696a916e31139e292948c677
Ubuntu Security Notice USN-3805-1
Posted Oct 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3805-1 - Harry Sintonen discovered that curl incorrectly handled SASL authentication. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Brian Carpenter discovered that curl incorrectly handled memory when closing certain handles. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-16839, CVE-2018-16840, CVE-2018-16842
MD5 | 62d9032b56d438de573bf274b8252a5c
Ubuntu Security Notice USN-3804-1
Posted Oct 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3804-1 - It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. Artem Smotrakov discovered that the HTTP client redirection handler implementation in OpenJDK did not clear potentially sensitive information in HTTP headers when following redirections to different hosts. An attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, java, web
systems | linux, ubuntu
advisories | CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3150, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214
MD5 | 1499016cce5544fdad2e81db194990e1
Ubuntu Security Notice USN-3803-1
Posted Oct 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3803-1 - Tavis Ormandy discovered multiple security issues in Ghostscript. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-17961
MD5 | 97ae7f346ed335a9c5662259e484085f
Ubuntu Security Notice USN-3799-2
Posted Oct 29, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3799-2 - USN-3799-1 fixed a vulnerability in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.62 in Ubuntu 12.04 ESM. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-3133
MD5 | d6af8e7b772b22321b5233fb7729dabe
Ubuntu Security Notice USN-3802-1
Posted Oct 27, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3802-1 - Narendra Shinde discovered that the X.Org X server incorrectly handled certain command line parameters when running as root with the legacy wrapper. When certain graphics drivers are being used, a local attacker could possibly use this issue to overwrite arbitrary files and escalate privileges.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2018-14665
MD5 | 80f70d72f03779fe81b0034effbe13c1
Ubuntu Security Notice USN-3801-1
Posted Oct 24, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3801-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass CSP restrictions, spoof the protocol registration notification bar, leak SameSite cookies, bypass mixed content warnings, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, protocol
systems | linux, ubuntu
advisories | CVE-2018-12388, CVE-2018-12395, CVE-2018-12398, CVE-2018-12399, CVE-2018-12403
MD5 | 952c961245ddeace11587b0845c529ab
Ubuntu Security Notice USN-3800-1
Posted Oct 24, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3800-1 - It was discovered that audiofile incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. It was discovered that audiofile incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-13440, CVE-2018-17095
MD5 | 8c54a7ad04f3f70a57a4f762ea3172b7
Ubuntu Security Notice USN-3799-1
Posted Oct 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3799-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.62 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.24. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-3133, CVE-2018-3156, CVE-2018-3173, CVE-2018-3200, CVE-2018-3277, CVE-2018-3284
MD5 | 9c6341ba7441c72524dd926ae636d826
Ubuntu Security Notice USN-3788-2
Posted Oct 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3788-2 - USN-3788-1 fixed vulnerabilities in Tex Live. This update provides the corresponding update for Ubuntu 18.10 It was discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-17407
MD5 | 399e1f0d7ad56afe1ef3189f6bf7a64b
Ubuntu Security Notice USN-3777-3
Posted Oct 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3777-3 - USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 %LTS. This update provides the corresponding updates for the Linux kernel for Azure Cloud systems. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2018-14633, CVE-2018-15572, CVE-2018-15594, CVE-2018-17182, CVE-2018-3639, CVE-2018-6554, CVE-2018-6555
MD5 | 9d5422023e24d370d36309f152f01b10
Ubuntu Security Notice USN-3798-2
Posted Oct 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3798-2 - USN-3798-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is negatively instantiated. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-8539, CVE-2016-7913, CVE-2017-0794, CVE-2017-15299, CVE-2017-18216, CVE-2018-1000004, CVE-2018-7566, CVE-2018-9518
MD5 | bfdc7594d98be96ce72f6fbcd1096bfb
Page 3 of 176
Back12345Next

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    15 Files
  • 11
    Dec 11th
    30 Files
  • 12
    Dec 12th
    25 Files
  • 13
    Dec 13th
    15 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close