Ubuntu Security Notice 3859-1 - It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a denial of service.CVE-2018-1000880 affected only Ubuntu 18.04 and Ubuntu 18.10 LTS. It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Various other issues were also addressed.
e5c4c24eaa0041372b257aec38c032e0Ubuntu Security Notice 3858-1 - It was discovered that HAProxy incorrectly handled certain requests. An attacker could possibly use this to expose sensitive information. It was discovered that HAProxy incorrectly handled certain requests. A attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.
09c52c83ab2fdfedfa8403b297813de6Ubuntu Security Notice 3857-1 - Fariskhi Vidyan discovered that PEAR Archive_Tar incorrectly handled certain archive paths. A remote attacker could possibly use this issue to execute arbitrary code.
0216917c7cb3ac850f31adf9b107774bUbuntu Security Notice 3856-1 - Chris Marchesi discovered that BlueZ incorrectly handled disabling Bluetooth visibility. A remote attacker could possibly pair to devices, contrary to expectations. This update adds a workaround to GNOME Bluetooth to fix the issue.
b7dfec4af097cb08bba630ac582166f6Ubuntu Security Notice 3855-1 - It was discovered that systemd-journald allocated variable-length buffers for certain message fields on the stack. A local attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. It was discovered that systemd-journald allocated variable-length arrays of objects representing message fields on the stack. A local attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
42433c95e77000de53479462231b8fa3Ubuntu Security Notice 3854-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
f8474b7b46329623febcb7514c73d299Ubuntu Security Notice 3852-1 - It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. CVE-2017-9239 only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
2d2b8c5b592712349927164a5836b956Ubuntu Security Notice 3853-1 - Ben Fuhrmannek discovered that GnuPG incorrectly handled Web Key Directory lookups. A remote attacker could possibly use this issue to cause a denial of service, or perform Cross-Site Request Forgery attacks.
9dff487091705ecddb0783a58af51804Ubuntu Security Notice 3851-1 - It was discovered that Django incorrectly handled the default 404 page. A remote attacker could use this issue to spoof content using a malicious URL.
2d5950123f9a670fa08c8a5cb6410857Ubuntu Security Notice 3850-1 - Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remote attacker could possibly use this issue to perform a replay attack. It was discovered that NSS incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. Various other issues were also addressed.
f31e765a83742d73f9519be5d73246a3Ubuntu Security Notice 3849-1 - It was discovered that a NULL pointer dereference existed in the keyring subsystem of the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
ab84b9e247a45108e4c874fdfe0f245fUbuntu Security Notice 3849-2 - USN-3849-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that a NULL pointer dereference existed in the keyring subsystem of the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
1ad97b490d8d1e9628e77408ea2c2d1bUbuntu Security Notice 3847-3 - USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
b186fc2a923abf5659c017b5ea42a3c3Ubuntu Security Notice 3848-2 - USN-3848-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
8866975e977d4c45d391b4d9035dd8edUbuntu Security Notice 3848-1 - It was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Kanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
54eea9cfff67d88df3b99da978ff5b90Ubuntu Security Notice 3847-2 - USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
b0c6ce592d43ca8552efd6262de2cbbbUbuntu Security Notice 3847-1 - It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
5703c2f44fdffc67aa1c3e986372d1a0Ubuntu Security Notice 3846-1 - It was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information.
0492ac4c9faaf5253e3674fa0f151866Ubuntu Security Notice 3845-1 - Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 18.04 LTS and Ubuntu 18.10. Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
7c30480f14d84266396689b1137c7a58Ubuntu Security Notice 3844-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code. Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to open privileged pages, or bypass other security restrictions. Various other issues were also addressed.
cd05546757b473bab2c95bffccfca6ccUbuntu Security Notice 3843-2 - USN-3843-1 fixed a vulnerability in pixman. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that pixman incorrectly handled the general_composite_rect function. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
6750b72273b628db8f06739166f59793Ubuntu Security Notice 3843-1 - It was discovered that pixman incorrectly handled the general_composite_rect function. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code.
070f65503dc6e6c2f7d2711ac101acd4Ubuntu Security Notice 3837-2 - USN-3837-1 fixed vulnerabilities in poppler. A regression was reported regarding the previous update. This update fixes the problem. It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
377baed8b82a680a84a9c85cdc9060d2Ubuntu Security Notice 3842-1 - Jann Horn discovered that CUPS incorrectly handled session cookie randomness. A remote attacker could possibly use this issue to perform cross-site request forgery attacks.
9e5a7e5f15e1d452a62f535a54787f22Ubuntu Security Notice 3841-2 - USN-3841-1 fixed a vulnerability in lxml. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that lxml incorrectly handled certain HTML files. An attacker could possibly use this issue to conduct cross-site scripting attacks. Various other issues were also addressed.
649c44073f03bc41cc17df5ef408c79b
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed