Ubuntu Security Notice 4706-1 - Olle Segerdahl found that ceph-mon and ceph-mgr daemons did not properly restrict access, resulting in gaining access to unauthorized resources. An authenticated user could use this vulnerability to modify the configuration and possibly conduct further attacks. Adam Mohammed found that Ceph Object Gateway was vulnerable to HTTP header injection via a CORS ExposeHeader tag. An attacker could use this to gain access or cause a crash. Various other issues were also addressed.
bebf402244a4c2e679e813eb9b40b74cUbuntu Security Notice 4707-1 - It was discovered that TCMU lacked a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request.
588b2022e81f508eb24aaed4ec3251ceUbuntu Security Notice 4712-1 - USN-4576-1 fixed a vulnerability in the overlay file system implementation in the Linux kernel. Unfortunately, that fix introduced a regression that could incorrectly deny access to overlay files in some situations. This update fixes the problem.
ba3b04076200630b1b79bc54fcab8b18Ubuntu Security Notice 4713-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data.
93b60be65f3b9617bbda04c469a600daUbuntu Security Notice 4711-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. Kiyin discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service. Various other issues were also addressed.
862338ce60446f35a002c294d4ef7d48Ubuntu Security Notice 4710-1 - Kiyin discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service.
8bceee49b044da87d9c7e4b287cb8ac0Ubuntu Security Notice 4709-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.
5205f153d121a7f1d0f2c2402956e1d3Ubuntu Security Notice 4708-1 - Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service. Various other issues were also addressed.
88614c94398b165a3628eb8d6d76aa2bUbuntu Security Notice 4705-2 - USN-4705-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. Various other issues were also addressed.
83bcf987c775a6200689ce72ac3bb60aUbuntu Security Notice 4705-1 - It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. It was discovered that the Sudo sudoedit utility incorrectly handled checking directory permissions. A local attacker could possibly use this issue to bypass file permissions and determine if a directory exists or not. Various other issues were also addressed.
7441929fd8273b9e8c967ac727cda7eaUbuntu Security Notice 4704-1 - It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. Various other issues were also addressed.
21c29b1fe2faf41239164e4ee250c1daUbuntu Security Notice 4703-1 - It was discovered that Mutt incorrectly handled certain email messages. An attacker could possibly use this issue to cause a denial of service.
8e39a3ca3da54134afa31cb731c9d23cUbuntu Security Notice 4702-1 - It was discovered that Pound incorrectly handled certain HTTP requests A remote attacker could use it to retrieve some sensitive information.
a0cc5acf94fe6c368769567ffbbf09ecUbuntu Security Notice 4689-4 - USN-4689-3 fixed vulnerabilities in the NVIDIA server graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. Various other issues were also addressed.
67b7fedb3c56827c3051283598dae0b9Ubuntu Security Notice 4697-2 - USN-4697-1 fixed several vulnerabilities in Pillow. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Pillow incorrectly handled certain PCX image files. If a user or automated system were tricked into opening a specially-crafted PCX file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. Various other issues were also addressed.
710757898267e7364668015c59fe295cUbuntu Security Notice 4689-3 - It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. It was discovered that the NVIDIA GPU display driver for the Linux kernel did not properly validate a pointer received from userspace in some situations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
770df623c2eb7e3a6a906c87fae96947Ubuntu Security Notice 4701-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass the CSS sanitizer, or execute arbitrary code. It was discovered that the proxy.onRequest API did not catch view-source URLs. If a user were tricked in to installing an extension with the proxy permission and opening View Source, an attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.
d5be7805a4212cf046f8575dfc0f5c39Ubuntu Security Notice 4700-1 - Alexandre D'Hondt discovered that PyXDG did not properly sanitize input. An attacker could exploit this with a crafted .menu file to execute arbitrary code.
c2db4cbb17bceeecfeb5154b0698a988Ubuntu Security Notice 4699-1 - It was discovered that Apache Log4net incorrectly handled certain configuration files. An attacker could possibly use this issue to expose sensitive information.
adb98b4f1980e62322aa69491a5cc4cbUbuntu Security Notice 4698-1 - Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled memory when sorting RRsets. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled extracting certain names. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
6a28aafbdc7142b8cedf9f08b7ed394cUbuntu Security Notice 4697-1 - It was discovered that Pillow incorrectly handled certain PCX image files. If a user or automated system were tricked into opening a specially-crafted PCX file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. It was discovered that Pillow incorrectly handled certain Tiff image files. If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. Various other issues were also addressed.
33d0f53f2fe15d0bbe0fe6f3b813716fUbuntu Security Notice 4696-1 - It was discovered that HTMLDOC incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a denial of service.
8db6722155e080664d72df4f9eef7257Ubuntu Security Notice 4695-1 - Choongwoo Han discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Jerzy Kramarz discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Various other issues were also addressed.
cc7f5a77193361f6afb87d4fc323cbb7Ubuntu Security Notice 4693-1 - It was discovered that an SQL injection vulnerability exists in the Ampache search engine. Any user able to perform searches could dump any data contained in the database. An attacker could use this to disclose sensitive information. It was discovered that an XSS vulnerability in Ampache. An attacker could use this vulnerability to force an admin to create a new privileged user. Various other issues were also addressed.
19e32413eae87248300241c7423c86b4Ubuntu Security Notice 4694-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data.
39bd5d296c952869b692a804fbc44d89
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed