what you don't know can hurt you
Showing 101 - 125 of 5,516 RSS Feed

Files from Ubuntu

Email addresssecurity at ubuntu.com
First Active2004-10-28
Last Active2021-01-25
Ubuntu Security Notice USN-4628-1
Posted Nov 11, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4628-1 - Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit feature of some Intel processors allowed a side- channel attack based on power consumption measurements. A local attacker could possibly use this to expose sensitive information. Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel Processors did not properly remove sensitive information before storage or transfer in some situations. A local attacker could possibly use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2020-8695, CVE-2020-8696, CVE-2020-8698
MD5 | d5b28c9aff5b23a7f8ad7249a7633849
Ubuntu Security Notice USN-4627-1
Posted Nov 11, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4627-1 - Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-8694
MD5 | 68280722e12e55bac74350f6bcd8f78a
Ubuntu Security Notice USN-4626-1
Posted Nov 11, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4626-1 - Simon Scannell discovered that the bpf verifier in the Linux kernel did not properly calculate register bounds for certain operations. A local attacker could use this to expose sensitive information or gain administrative privileges. Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-27194, CVE-2020-8694
MD5 | 826290928fcd6e76f591d4feea48dd2f
Ubuntu Security Notice USN-4625-1
Posted Nov 11, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4625-1 - A use-after-free was discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-26950
MD5 | 9ce2e1d9656cdc58bfb93548e5536c86
Ubuntu Security Notice USN-4624-1
Posted Nov 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4624-1 - It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause unexpected behaviours, or execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-0452
MD5 | 7a05bea2012947c33ca0fa3a8095b12d
Ubuntu Security Notice USN-4623-1
Posted Nov 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4623-1 - Ken Gaillot discovered that Pacemaker incorrectly handled IPC communications permissions. A local attacker could possibly use this issue to bypass ACL restrictions and execute arbitrary code as root.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2020-25654
MD5 | a404c7158aa20923e972db53c69bdbcc
Ubuntu Security Notice USN-4622-1
Posted Nov 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4622-1 - It was discovered that OpenLDAP incorrectly handled certain network packets. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-25692
MD5 | c9c68a915194629894262084656686cf
Ubuntu Security Notice USN-4621-1
Posted Nov 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4621-1 - It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. It was discovered that netqmail did not properly handle certain input when validating email addresses. An attacker could use this to bypass email address validation. Various other issues were also addressed.

tags | advisory, remote, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2005-1513, CVE-2005-1515, CVE-2020-3811, CVE-2020-3812
MD5 | 7787dcf98d9b4adb884f3713beabae3a
Ubuntu Security Notice USN-4620-1
Posted Nov 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4620-1 - It was discovered that phpLDAPadmin didn't properly sanitize before being echoed to the user. A remote attacker could inject arbitrary HTML/Javascript code in a user's context and cause a crash, resulting in denial of service or potential execution of arbitrary code.

tags | advisory, remote, denial of service, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2017-11107
MD5 | 1328c14e055c0263156c30ab138a2dc9
Ubuntu Security Notice USN-4599-3
Posted Nov 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4599-3 - USN-4599-1 and USN-4599-2 fixed vulnerabilities in Firefox. The updates introduced various minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the prompt for opening an external application, obtain sensitive information, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, vulnerability
systems | linux, ubuntu
MD5 | 25dce6875e3b7e54bf60434d0576c6d1
Ubuntu Security Notice USN-4619-1
Posted Nov 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4619-1 - Mário Areias discovered that dom4j did not properly validate XML document elements. An attacker could exploit this with a crafted XML file to cause dom4j to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-1000632
MD5 | 248b0dd34669f388ff9cb3860db4b123
Ubuntu Security Notice USN-4618-1
Posted Nov 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4618-1 - Sergey Nizovtsev discovered that tmux incorrectly handled some inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-27347
MD5 | 707bdda96b60b30ef620ce6d9df783f9
Ubuntu Security Notice USN-4616-2
Posted Nov 4, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4616-2 - USN-4616-1 fixed several vulnerabilities in AccountsService. This update provides the corresponding update for Ubuntu 14.04 ESM. Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-14036, CVE-2020-16126
MD5 | 0cf5a3b172b2a9f7f18f5eb3b16aeda1
Ubuntu Security Notice USN-4617-1
Posted Nov 4, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4617-1 - Matthias Gerstner discovered that SPICE vdagent incorrectly handled the active_xfers hash table. A local attacker could possibly use this issue to cause SPICE vdagent to consume memory, resulting in a denial of service. Matthias Gerstner discovered that SPICE vdagent incorrectly handled the active_xfers hash table. A local attacker could possibly use this issue to cause SPICE vdagent to consume memory, resulting in a denial of service, or obtain sensitive file contents. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2020-25650, CVE-2020-25651, CVE-2020-25652, CVE-2020-25653
MD5 | eb32f5b8ddb04d03715a53a339bea7a0
Ubuntu Security Notice USN-4615-1
Posted Nov 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4615-1 - It was discovered that Yerase's TNEF had null pointer dereferences, infinite loop, buffer overflow, out of bounds reads, directory traversal issues and other vulnerabilities. An attacker could use those issues to cause a crash and consequently a denial of service.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-6298, CVE-2017-6300, CVE-2017-6301, CVE-2017-6302, CVE-2017-6305, CVE-2017-6306
MD5 | e4ec9e3a279ada39aa02f6955b8c9ce5
Ubuntu Security Notice USN-4613-1
Posted Nov 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4613-1 - Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. An attacker could possibly use this issue to expose sensitive information.

tags | advisory, python
systems | linux, ubuntu
advisories | CVE-2020-25659
MD5 | f58620abad4842bf57a4df18084b6b7d
Ubuntu Security Notice USN-4616-1
Posted Nov 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4616-1 - Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. Kevin Backhouse discovered that AccountsService incorrectly handled reading .pam_environment files. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2018-14036, CVE-2020-16126, CVE-2020-16127
MD5 | 459484efda1c6062d667f1c0c7fe58a1
Ubuntu Security Notice USN-4614-1
Posted Nov 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4614-1 - Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2020-16125
MD5 | 39b3740000f421ed649cff459f6228fa
Ubuntu Security Notice USN-4605-2
Posted Nov 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4605-2 - Vaisha Bernard discovered that blueman did not properly sanitize input on the d-bus interface to blueman-mechanism. A local attacker could possibly use this issue to escalate privileges and run arbitrary code or cause a denial of service. While a previous security update fixed the issue, this update provides additional improvements by enabling PolicyKit authentication for privileged commands. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-15238
MD5 | a1e9ea67ece2df45ff33e037fb695ef5
Ubuntu Security Notice USN-4611-1
Posted Nov 2, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4611-1 - Steven French discovered that Samba incorrectly handled ChangeNotify permissions. A remote attacker could possibly use this issue to obtain file name information. Bas Alberts discovered that Samba incorrectly handled certain winbind requests. A remote attacker could possibly use this issue to cause winbind to crash, resulting in a denial of service. Francis Brosnan Blázquez discovered that Samba incorrectly handled certain invalid DNS records. A remote attacker could possibly use this issue to cause the DNS server to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-14318, CVE-2020-14323, CVE-2020-14383
MD5 | 47e6b47eeae24d5bb1467b3b35282526
Ubuntu Security Notice USN-4610-1
Posted Oct 29, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4610-1 - It was discovered that fastd did not properly handle receive buffers under certain circumstances. A remote attacker could possibly use this issue to cause a memory leak, resulting in a denial of service.

tags | advisory, remote, denial of service, memory leak
systems | linux, ubuntu
advisories | CVE-2020-27638
MD5 | d044b963d293ca0b710d800c0f0cb6b1
Ubuntu Security Notice USN-4609-1
Posted Oct 29, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4609-1 - Fabian Henneke discovered that GOsa incorrectly handled client cookies. An authenticated user could exploit this with a crafted cookie to perform file deletions in the context of the user account that runs the web server. It was discovered that GOsa incorrectly handled user access control. A remote attacker could use this issue to log into any account with a username containing the word "success". Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2018-1000528, CVE-2019-11187, CVE-2019-14466
MD5 | 4e2b8c585afc2ea3d948b113104fffd5
Ubuntu Security Notice USN-4552-3
Posted Oct 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4552-3 - USN-4552-1 and USN-4552-2 fixed a vulnerability in Pam-python. The update introduced a regression which prevented PAM modules written in Python from importing python modules from site-specific directories. Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root. Various other issues were also addressed.

tags | advisory, local, root, python
systems | linux, ubuntu
advisories | CVE-2019-16729
MD5 | 632ca4e5ebf9fb3048aa8ec5c35d3c54
Ubuntu Security Notice USN-4608-1
Posted Oct 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4608-1 - The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.44 version of the Mozilla certificate authority bundle.

tags | advisory
systems | linux, ubuntu
MD5 | 4a82710366d6b5ca1f43f34e4d8f761b
Ubuntu Security Notice USN-4607-1
Posted Oct 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4607-1 - It was discovered that OpenJDK incorrectly handled deserializing Proxy class objects with many interfaces. A remote attacker could possibly use this issue to cause a denial of service via a specially crafted input. Sergey Ostanin discovered that OpenJDK incorrectly restricted authentication mechanisms. A remote attacker could possibly use this issue to obtain sensitive information over an unencrypted connection. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798, CVE-2020-14803
MD5 | 5415752655f0e455fc9170072766e9f8
Page 5 of 221
Back34567Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    10 Files
  • 22
    Jan 22nd
    16 Files
  • 23
    Jan 23rd
    1 Files
  • 24
    Jan 24th
    1 Files
  • 25
    Jan 25th
    36 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close