Ubuntu Security Notice 6021-1 - It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Chromium could be made to access memory out of bounds in WebHID. A remote attacker could possibly use this issue to corrupt memory via a malicious HID device, resulting in a denial of service, or possibly execute arbitrary code.
faee70205285f8a8eea1bdb1c67f4cfd98cea70644374972723c122737ddaafd
Ubuntu Security Notice 6020-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
9f8a525bced3457cbb2ffef2d4c8ab52e3e2a9ca5102fcd46297cebb9d8ad5bd
Ubuntu Security Notice 6018-1 - Chen Lu, Lei Wang, and YiQi Sun discovered a privilege escalation vulnerability in apport-cli when viewing crash reports and unprivileged users are allowed to run sudo less. A local attacker on a specially configured system could use this to escalate their privilege.
a2ab38b1ea2440929f757f965c0d178ce1dba9f6d4528d4b595a40f0c633f0c7
Ubuntu Security Notice 6019-1 - It was discovered that Flask-CORS did not properly escape paths before evaluating resource rules. An attacker could possibly use this to expose sensitive information.
12e1c98e648293f1b66a4d11e12c17b778a10e2da4d45986da8978a1f8da0a77
Debian Linux Security Advisory 5388-1 - It was reported that HAProxy, a fast and reliable load balancing reverse proxy, does not properly initialize connection buffers when encoding the FCGI_BEGIN_REQUEST record. A remote attacker can take advantage of this flaw to cause an information leak.
b6c11ab5bb87b337ebbaed8f8330591ab80b9bb08c699ec66294fce4540dec2b
Debian Linux Security Advisory 5387-1 - David Marchard discovered that Open vSwitch, a software-based Ethernet virtual switch, is susceptible to denial of service via malformed IP packets.
82a5b3a701e6d9d96e91e26773ef14cfb1515c5e42ade293fed2ce433bd1f0c0
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
f53f34fbe23a8762e3786572751b301befb28288efb6b1042d4fc64c6610784f
Ubuntu Security Notice 6017-1 - Hadrien Perrineau discovered that Ghostscript incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
8a359cbdab74e99b960cd11f68d30ea4b17fdb818e2b6bac32b5fd878cb98b28
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
4da5e4e91e49992633a6024ce10afe6441255b2775a8f20f1ef188bd1129ac66
Ubuntu Security Notice 6016-1 - It was discovered that thenify incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code.
cffd640c08f6a5d8c5818ed9a4d1a5454a2911c1167dac162cd1bcfe3b5e93ab
Microsoft Word appears to suffer from a remote code execution vulnerability when a user load a malicious file that reaches out to an attacker-controller server to get a hostile payload.
8ab600383b2980700b22b249418126bff6776fde4672ab8d2e1bbd8b3c50a7f2