ignore security and it'll go away
Showing 101 - 125 of 3,810 RSS Feed

Files from Ubuntu

Email addresssecurity at ubuntu.com
First Active2004-10-28
Last Active2017-10-17
Ubuntu Security Notice USN-3384-1
Posted Aug 10, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3384-1 - Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. Andrey Konovalov discovered a race condition in AF_PACKET socket option handling code in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, udp
systems | linux, ubuntu
advisories | CVE-2017-1000111, CVE-2017-1000112
MD5 | e47cc57a0e9397738e976643425f72c4
Ubuntu Security Notice USN-3381-2
Posted Aug 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3381-2 - USN-3381-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Peter Pi discovered that the colormap handling for frame buffer devices in the Linux kernel contained an integer overflow. A local attacker could use this to disclose sensitive information. Various other issues were also addressed.

tags | advisory, overflow, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-8405, CVE-2017-1000365, CVE-2017-2618, CVE-2017-7482
MD5 | 872f12a9aea55423ef4a6ad59dc44a44
Ubuntu Security Notice USN-3381-1
Posted Aug 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3381-1 - Peter Pi discovered that the colormap handling for frame buffer devices in the Linux kernel contained an integer overflow. A local attacker could use this to disclose sensitive information. It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8405, CVE-2017-1000365, CVE-2017-2618, CVE-2017-7482
MD5 | 23e15cb3b383412d96b020c0af37f828
Ubuntu Security Notice USN-3380-1
Posted Aug 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3380-1 - It was discovered that FreeRDP incorrectly handled certain width and height values. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. It was discovered that FreeRDP incorrectly handled certain values in a Scope List. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-0250, CVE-2014-0791, CVE-2017-2834, CVE-2017-2835, CVE-2017-2836, CVE-2017-2837, CVE-2017-2838, CVE-2017-2839
MD5 | 9070d3db10ce04b5f06ccb4db0e2eabf
Ubuntu Security Notice USN-3379-1
Posted Aug 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3379-1 - It was discovered that Shotwell is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission.

tags | advisory, web, info disclosure
systems | linux, ubuntu
MD5 | f83cac688e9ee7d46d8166778f498706
Ubuntu Security Notice USN-3339-2
Posted Aug 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3339-2 - USN-3339-1 fixed several issues in OpenVPN. This update provides the corresponding update for Ubuntu 12.04 ESM. A Guido Vranken discovered that OpenVPN incorrectly handled an HTTP A proxy with NTLM authentication. A remote attacker could use this issue A to cause OpenVPN clients to crash, resulting in a denial of service, A or possibly expose sensitive memory contents. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2017-7520
MD5 | 23d76828be8a9431e15c3e3524bca1ee
Ubuntu Security Notice USN-3212-4
Posted Aug 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3212-4 - USN-3212-1 fixed several issues in LibTIFF. This update provides a subset of corresponding update for Ubuntu 12.04 ESM. Mei Wang discovered a multiple integer overflows in LibTIFF which allows remote attackers to cause a denial of service or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write. It was discovered that LibTIFF is vulnerable to a heap buffer overflow in the resulting in DoS or code execution via a crafted BitsPerSample value. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, code execution
systems | linux, ubuntu
advisories | CVE-2016-3945, CVE-2017-5225
MD5 | 4369a041fd08868e00a58ab7a50956b1
Ubuntu Security Notice USN-3378-2
Posted Aug 4, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3378-2 - USN-3378-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000365, CVE-2017-10810, CVE-2017-7482, CVE-2017-7533
MD5 | 83be044752437775050f88aee02fa689
Ubuntu Security Notice USN-3378-1
Posted Aug 4, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3378-1 - Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000365, CVE-2017-10810, CVE-2017-7482, CVE-2017-7533
MD5 | 9db31ba17dfb34a4396c9ced31bc3759
Ubuntu Security Notice USN-3377-2
Posted Aug 4, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3377-2 - USN-3377-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000365, CVE-2017-10810, CVE-2017-7482, CVE-2017-7533
MD5 | 7252455e3ef2d532a9738ece9b403104
Ubuntu Security Notice USN-3377-1
Posted Aug 4, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3377-1 - Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000365, CVE-2017-10810, CVE-2017-7482, CVE-2017-7533
MD5 | 9534dcc0dfba019b004a4abde6d30b5f
Ubuntu Security Notice USN-3375-1
Posted Aug 3, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3375-1 - It was discovered that LXC incorrectly handled the TIOCSTI ioctl. An attacker could possibly use this issue to escape LXC containers.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2016-10124
MD5 | 77f4dfd619f9d84568e605b517a744a9
Ubuntu Security Notice USN-3376-1
Posted Aug 3, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3376-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2017-2538, CVE-2017-7018, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7039, CVE-2017-7046, CVE-2017-7048, CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7061, CVE-2017-7064
MD5 | e387fcf37251d265cc71556e68ff7b81
Ubuntu Security Notice USN-3370-2
Posted Aug 2, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3370-2 - USN-3370-1 fixed a vulnerability in Apache HTTP Server. This update provides the corresponding update for Ubuntu 12.04 ESM. Robert Swiecki discovered that the Apache HTTP Server mod_auth_digest module incorrectly cleared values when processing certain requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial or service, or possibly obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2017-9788
MD5 | 15d9431a8cf8d33b94e704a5818841c1
Ubuntu Security Notice USN-3294-2
Posted Aug 1, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3294-2 - USN-3294-1 fixed a vulnerability in Bash. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Bash incorrectly handled the SHELLOPTS and PS4 environment variables. A local attacker could use this issue to execute arbitrary code with root privileges. Various other issues were also addressed.

tags | advisory, arbitrary, local, root, bash
systems | linux, ubuntu
advisories | CVE-2016-7543
MD5 | b0ac786f800c2b1ae62c931c9a06d34e
Ubuntu Security Notice USN-3372-1
Posted Jul 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3372-1 - It was discovered that NSS incorrectly handled certain empty SSLv2 messages. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-2183, CVE-2017-7502
MD5 | ab98a35fa8ae3d8507d56b71d1998766
Ubuntu Security Notice USN-3373-1
Posted Jul 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3373-1 - Emmanuel Dreyfus discovered that third-party modules using the ap_get_basic_auth_pw function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new ap_get_basic_auth_components function for use by third-party modules. Vasileios Panopoulos discovered that the Apache mod_ssl module may crash when third-party modules call ap_hook_process_connection during an HTTP request to an HTTPS port. Various other issues were also addressed.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2016-8743, CVE-2017-3167, CVE-2017-3169, CVE-2017-7668, CVE-2017-7679
MD5 | a4c4025dab59dae6931ec8faed33573f
Ubuntu Security Notice USN-3374-1
Posted Jul 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3374-1 - It was discovered that RabbitMQ incorrectly handled MQTT authentication. A remote attacker could use this issue to authenticate successfully with an existing username by omitting the password.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-9877
MD5 | 6685b33f1d0776f697501b2adfe43a88
Ubuntu Security Notice USN-3363-2
Posted Jul 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3363-2 - USN-3363-1 fixed vulnerabilities in ImageMagick. The update caused a regression for certain users when processing images. The problematic patch has been reverted pending further investigation. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
MD5 | c0e883034c5e99b28eac5ed3d0e564c4
Ubuntu Security Notice USN-3366-2
Posted Jul 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3366-2 - USN-3366-1 fixed vulnerabilities in OpenJDK 8. Unfortunately, that update introduced a regression that caused some valid JAR files to fail validation. This update fixes the problem. It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. Various other issues were also addressed.

tags | advisory, java, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243
MD5 | 2a9baab186741fe731fd0793a6248350
Ubuntu Security Notice USN-3371-1
Posted Jul 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3371-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture subsystem in the Linux kernel. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9900, CVE-2017-1000380, CVE-2017-7346, CVE-2017-9605
MD5 | 5391562066bac61b8e2c8c8b2110eced
Ubuntu Security Notice USN-3370-1
Posted Jul 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3370-1 - Robert Swiecki discovered that the Apache HTTP Server mod_auth_digest module incorrectly cleared values when processing certain requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial or service, or possibly obtain sensitive information.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2017-9788
MD5 | 0351992c5c6292755bb3ff9a1fe16e1c
Ubuntu Security Notice USN-3369-1
Posted Jul 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3369-1 - Guido Vranken discovered that FreeRADIUS incorrectly handled memory when decoding packets. A remote attacker could use this issue to cause FreeRADIUS to crash or hang, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-10978, CVE-2017-10979, CVE-2017-10980, CVE-2017-10981, CVE-2017-10982, CVE-2017-10983, CVE-2017-10984, CVE-2017-10985, CVE-2017-10986, CVE-2017-10987
MD5 | c5dbb1add58a9a9ecbad68f218906843
Ubuntu Security Notice USN-3366-1
Posted Jul 26, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3366-1 - It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. It was discovered that the JAR verifier in OpenJDK did not properly handle archives containing files missing digests. An attacker could use this to modify the signed contents of a JAR file. Various other issues were also addressed.

tags | advisory, java, denial of service
systems | linux, ubuntu
advisories | CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243
MD5 | 658e7009018bea7fcaaa8f27548c347b
Ubuntu Security Notice USN-3368-1
Posted Jul 26, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3368-1 - It was discovered that libiberty incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that libiberty incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131
MD5 | a499ba39c7aaf4f7e4c5320fc92b569a
Page 5 of 153
Back34567Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close