Ubuntu Security Notice 7001-1 - Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. Shang-Hung Wan discovered that Expat, contained within the xmltok library, did properly handle the potential for an integer overflow on 32-bit platforms. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.
dd777efeaab59422d2fe51b3d1cc0f03bc68451f5c70dd442a7b4f075550b945
Ubuntu Security Notice 7000-1 - Shang-Hung Wan discovered that Expat did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. Shang-Hung Wan discovered that Expat did properly handle the potential for an integer overflow on 32-bit platforms. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.
e207f4963e040f92737087661cdcc67616d5a449bd2f500e15737c6170147628
Ubuntu Security Notice 7002-1 - It was discovered that setuptools was vulnerable to remote code execution. An attacker could possibly use this issue to execute arbitrary code.
54bafb3e8bf0072a6b96f1e84af61e2aabfd6f0f55f7346007be3c20de65531f
Ubuntu Security Notice 7003-2 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
b9ccf0915602448265ab710de51d14e93875c6b9ca20f10baf002ab90a58470e
Ubuntu Security Notice 7003-1 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
7d5b0465fc8b365d164e7403ac3a399c1d198dc1157f8ad403f32d2ffbadf1a2
Ubuntu Security Notice 6997-2 - USN-6997-1 fixed a vulnerability in LibTIFF. This update provides the corresponding updates for Ubuntu 14.04 LTS. It was discovered that LibTIFF incorrectly handled memory. An attacker could possibly use this issue to cause the application to crash, resulting in a denial of service.
96ae5f484bf5f362eb5537aaba9e0c81e0f8f62b5f143ef1ce8ddc21845eea5b
Ubuntu Security Notice 6999-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
f2f3af31e74d781983843453894ecb4650b3d835bf822cc772b1ad0341cc9292
Ubuntu Security Notice 6998-1 - It was discovered that Unbound incorrectly handled string comparisons, which could lead to a NULL pointer dereference. An attacker could potentially use this issue to cause a denial of service. It was discovered that Unbound incorrectly handled memory in cfg_mark_ports, which could lead to a heap buffer overflow. A local attacker could potentially use this issue to cause a denial of service or execute arbitrary code.
f9d7762439d9245eff0c00af6fb809547380b48c103aed24fe549548f865477c
Ubuntu Security Notice 6997-1 - It was discovered that LibTIFF incorrectly handled memory. An attacker could possibly use this issue to cause the application to crash, resulting in a denial of service.
d715a8865849f88063b88cbe93cb59c0248d315acbdb3eee8c15abca6d300389
Ubuntu Security Notice 6996-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
495c021cebaed12775fb7591f330431d792303b4c0b48774c767ece1790af9e8
Ubuntu Security Notice 6841-2 - USN-6841-1 fixed a vulnerability in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PHP could early return in the filter_var function resulting in invalid user information being treated as valid user information. An attacker could possibly use this issue to expose raw user input information.
d170b8e7f8f92515ffeb2d3bd1921abc8a3d13ffd05345330e4edb30169de83a
Ubuntu Security Notice 6994-1 - It was discovered that Netty did not properly sanitize its input parameters. A remote attacker could possibly use this issue to cause a crash. It was discovered that Netty incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause Netty to consume resources, leading to a denial of service.
151f4791ce1bf18350da328db884812f982e73c362b6de11f386b30f3d2006ef
Ubuntu Security Notice 6995-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. It was discovered that Thunderbird did not properly manage certain memory operations when processing graphics shared memory. An attacker could potentially exploit this issue to escape the sandbox.
eab68a333f804e9e74b44016fbdb0398f12ab2987a9d060158306b72c60f40cc
Ubuntu Security Notice 6991-1 - It was discovered that AIOHTTP did not properly restrict file access when the 'follow_symlinks' option was set to True. A remote attacker could possibly use this issue to access unauthorized files on the system.
5086a612b030dfb3ae7737ae3449c9df89010cef59afa6efb9fbaf45b83ffb72
Ubuntu Security Notice 6993-1 - It was discovered that Vim incorrectly handled memory when closing a window, leading to a double-free vulnerability. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. It was discovered that Vim incorrectly handled memory when adding a new file to an argument list, leading to a use-after-free. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service.
afda8c50b2d703933dd67de51fd0060a06f710a6ac439afd52bea8bb4f9bbc7c
Ubuntu Security Notice 6992-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Nils Bars discovered that Firefox contained a type confusion vulnerability when performing certain property name lookups. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code.
f877ee8cce524a71acb383e922589b335611b9a2a91b121ebf320339bdca2584
Ubuntu Security Notice 6990-1 - Johannes Kuhn discovered that znc incorrectly handled user input under certain operations. An attacker could possibly use this issue to execute arbitrary code on a user's system if the user was tricked into joining a malicious server.
2ff9ffcee81bb5bc9916e49051249af40af502f84776f8ed2b4abb3212c2cf98
Ubuntu Security Notice 6989-1 - Dan Smith, Julia Kreger and Jay Faulkner discovered that in image processing for Ironic, a specially crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data.
c4b712ebf2b59c7d68e30d3767adfa9a7d46a5ac12b1d9e7f8bb28f06bdd19d0
Ubuntu Security Notice 6985-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program.
b2ed887bda1225e6a107abc79f6788f4ff09335f9bbfeb2491bad8367d72c41b
Ubuntu Security Notice 6988-1 - It was discovered that Twisted incorrectly handled response order when processing multiple HTTP requests. A remote attacker could possibly use this issue to delay and manipulate responses. This issue only affected Ubuntu 24.04 LTS. It was discovered that Twisted did not properly sanitize certain input. An attacker could use this vulnerability to possibly execute an HTML injection leading to a cross-site scripting attack.
b3e9ccedfdbf38665257767f0dc668db4901ec80e4f37709d43bcb54502ddae9
Ubuntu Security Notice 6986-1 - David Benjamin discovered that OpenSSL incorrectly handled certain X.509 certificates. An attacker could possible use this issue to cause a denial of service or expose sensitive information.
4e4ced71393d9b0e6bca8be03216a18e90e10465a4695a4677bf735d58d9bcc9
Ubuntu Security Notice 6981-2 - USN-6981-1 fixed vulnerabilities in Drupal. This update provides the corresponding updates for Ubuntu 14.04 LTS. It was discovered that Drupal incorrectly sanitized uploaded filenames. A remote attacker could possibly use this issue to execute arbitrary code.
e0c2bcfb7cd5f77e1fac909f4e05b9cd81d53faaf5f7d19ef0e52afe64fba15a
Ubuntu Security Notice 6987-1 - It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. It was discovered that Django incorrectly handled certain email sending failures. A remote attacker could possibly use this issue to enumerate user emails by issuing password reset requests and observing the outcomes.
f3f2768b2dc77ce49a90cc01a26c241df8af7757a71eacfd0692358e81f14191
Ubuntu Security Notice 6973-4 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
4006eea47a5441ab0ddfac9075db1654fe88940a7c48c7673d4074ffa6b8ff49
Ubuntu Security Notice 6984-1 - It was discovered that WebOb incorrectly handled certain URLs. An attacker could possibly use this issue to control a redirect or forward to another URL.
d4ce9e5a8641bd321dc9895bca894ff07870e77f47bdfeb2a01766ff8638b040