Twenty Year Anniversary
Showing 51 - 75 of 5,717 RSS Feed

Operating System: Ubuntu

Ubuntu Security Notice USN-3685-1
Posted Jun 14, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3685-1 - Some of these CVEs were already addressed in previous USN: 3439-1, 3553-1, 3528-1. It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. It was discovered that Ruby incorrectly handled certain files. An attacker could use this to overwrite any file on the filesystem. Various other issues were also addressed.

tags | advisory, overflow, ruby
systems | linux, ubuntu
advisories | CVE-2017-0898, CVE-2017-0901, CVE-2017-0902, CVE-2017-0903, CVE-2017-10784, CVE-2017-14064, CVE-2017-17742, CVE-2018-1000074, CVE-2018-8777
MD5 | 8e3eaae5e55f5657e198a4d0014a7723
Ubuntu Security Notice USN-3686-1
Posted Jun 14, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3686-1 - Alexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. Alexander Cherepanov discovered that file incorrectly handled certain long strings. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. Alexander Cherepanov discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-9620, CVE-2014-9621, CVE-2014-9653, CVE-2015-8865, CVE-2018-10360
MD5 | d461c5706afdf66b380cf8a86deaf4f6
Ubuntu Security Notice USN-3684-1
Posted Jun 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3684-1 - It was discovered that Perl incorrectly handled certain archive files. An attacker could possibly use this to overwrite arbitrary files.

tags | advisory, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2018-12015
MD5 | 682ba37fc142ec50b37e732a6884afae
Ubuntu Security Notice USN-3684-2
Posted Jun 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3684-2 - USN-3684-1 fixed a vulnerability in perl. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Perl incorrectly handled certain archive files. An attacker could possibly use this to overwrite arbitrary files.

tags | advisory, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2018-12015
MD5 | 00c9c5a21a48d1c5060750b8a91b2e86
Ubuntu Security Notice USN-3683-1
Posted Jun 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3683-1 - Andrew Skalski discovered that Bind could incorrectly enable recursion when the "allow-recursion" setting wasn't specified. This issue could improperly permit recursion to all clients, contrary to expectations.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-5738
MD5 | 3119f1d5bde8d9933e7039d7ece9575d
glibc 'realpath()' Privilege Escalation
Posted Jun 12, 2018
Authored by halfdog, Brendan Coles | Site metasploit.com

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in GNU C Library (glibc) version 2.26 and prior. This Metasploit module uses halfdog's RationalLove exploit to exploit a buffer underflow in glibc realpath() and create a SUID root shell. The exploit has offsets for glibc versions 2.23-0ubuntu9 and 2.24-11+deb9u1. The target system must have unprivileged user namespaces enabled. This Metasploit module has been tested successfully on Ubuntu Linux 16.04.3 (x86_64) with glibc version 2.23-0ubuntu9; and Debian 9.0 (x86_64) with glibc version 2.24-11+deb9u1.

tags | exploit, shell, root
systems | linux, debian, ubuntu
advisories | CVE-2018-1000001
MD5 | fdde72feb2388aee3f2e93395c3c6363
Ubuntu Security Notice USN-3682-1
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3682-1 - A heap buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-6126
MD5 | 9d8d0a4e3481a5f69358902a80dbe817
Ubuntu Security Notice USN-3678-3
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3678-3 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2018-10021, CVE-2018-1092, CVE-2018-8087
MD5 | b71a6729238f35ec13634f2c220c34d3
Ubuntu Security Notice USN-3681-1
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3681-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-1000445, CVE-2017-1000476, CVE-2017-10995, CVE-2017-11352, CVE-2017-11533, CVE-2017-11535, CVE-2017-11537, CVE-2017-11639, CVE-2017-11640, CVE-2017-12140, CVE-2017-12418, CVE-2017-12429, CVE-2017-12430, CVE-2017-12431, CVE-2017-12432, CVE-2017-12433, CVE-2017-12435, CVE-2017-12563, CVE-2017-12587, CVE-2017-12640, CVE-2017-12643, CVE-2017-12644, CVE-2017-12670, CVE-2017-12674, CVE-2017-12691, CVE-2017-12692
MD5 | 46d66c11518d687dd07ed69be074f87d
Ubuntu Security Notice USN-3680-1
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3680-1 - Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows libvirt to expose new CPU features added by microcode updates to guests. Daniel P. Berrange discovered that libvirt incorrectly handled the QEMU guest agent. An attacker could possibly use this issue to consume resources, leading to a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2018-1064, CVE-2018-3639
MD5 | 201224caaef8646b4ab1fccccd633def
Ubuntu Security Notice USN-3678-2
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3678-2 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2018-10021, CVE-2018-1092, CVE-2018-8087
MD5 | 1d0f17218b003943e4aff4def17102ae
Ubuntu Security Notice USN-3678-1
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3678-1 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2018-10021, CVE-2018-1092, CVE-2018-8087
MD5 | 30a4c871ce87fae2bd0d703036631ef4
Ubuntu Security Notice USN-3677-2
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3677-2 - USN-3677-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-1068, CVE-2018-1092, CVE-2018-7492, CVE-2018-8087, CVE-2018-8781
MD5 | 396409805add6cf9f38ac282a0bfd084
Ubuntu Security Notice USN-3677-1
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3677-1 - It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-1068, CVE-2018-1092, CVE-2018-7492, CVE-2018-8087, CVE-2018-8781
MD5 | d1a66b35374f1624dabb3b438cacb544
Ubuntu Security Notice USN-3676-2
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3676-2 - USN-3676-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-1092, CVE-2018-1093, CVE-2018-10940, CVE-2018-8087
MD5 | 5003b86c6663e42774044c383414155b
Ubuntu Security Notice USN-3676-1
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3676-1 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-1092, CVE-2018-1093, CVE-2018-10940, CVE-2018-8087
MD5 | 92f377cd56f9ba9394f2484e289a2563
Ubuntu Security Notice USN-3675-1
Posted Jun 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3675-1 - Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Lance Vick discovered that GnuPG did not enforce configurations where key certification required an offline master Certify key. An attacker with access to a signing subkey could generate certifications that appeared to be valid. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-12020, CVE-2018-9234
MD5 | 8892b2e9f917af8dd1d4c8b056a3f11e
Ubuntu Security Notice USN-3674-2
Posted Jun 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3674-2 - USN-3674-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-0627, CVE-2018-1068, CVE-2018-7492, CVE-2018-8781
MD5 | 5559e14a261b2b1caff2653f93380832
Ubuntu Security Notice USN-3674-1
Posted Jun 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3674-1 - It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a NULL pointer dereference existed in the RDS protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2017-0627, CVE-2018-1068, CVE-2018-7492, CVE-2018-8781
MD5 | 7580ee1c4975048c3bd3f4059fd6b003
Ubuntu Security Notice USN-3673-1
Posted Jun 7, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3673-1 - Ralph Dolmans and Karst Koymans discovered that Unbound did not properly handle certain NSEC records. An attacker could use this to to prove the non-existence of an existing wildcard record, or trick Unbound into accepting a NODATA proof.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2017-15105
MD5 | 527a414e83dab8c0cd7e3fa2def66c66
Ubuntu Security Notice USN-3672-1
Posted Jun 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3672-1 - Henri Salo discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-11683, CVE-2018-11684, CVE-2018-11685
MD5 | 9ee509364bd7e5d668826b242cc13db1
Ubuntu Security Notice USN-3671-1
Posted Jun 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3671-1 - Etienne Stalmans discovered that git did not properly validate git submodules files. A remote attacker could possibly use this to craft a git repo that causes arbitrary code execution when "git clone --recurse-submodules" is used. It was discovered that an integer overflow existed in git's pathname sanity checking code when used on NTFS filesystems. An attacker could use this to cause a denial of service or expose sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, code execution
systems | linux, ubuntu
advisories | CVE-2018-11233, CVE-2018-11235
MD5 | 25303632420b77046f5c6aa93da590ef
Ubuntu Security Notice USN-3658-2
Posted Jun 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3658-2 - USN-3658-1 fixed a vulnerability in procps-ng. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that libprocps incorrectly handled the file2strvec function. A local attacker could possibly use this to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2018-1124, CVE-2018-1126
MD5 | 8c11d4a226d2b323f1f81e8bb5ccbe5a
Ubuntu Security Notice USN-3670-1
Posted Jun 5, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3670-1 - Agostino Sarubbo discovered that elfutils incorrectly handled certain malformed ELF files. If a user or automated system were tricked into processing a specially crafted ELF file, elfutils could be made to crash or consume resources, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2016-10254, CVE-2016-10255, CVE-2017-7607, CVE-2017-7608, CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613
MD5 | 2c814b85b27d8f83c8806b74e9e6b320
Ubuntu Security Notice USN-3669-1
Posted Jun 5, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3669-1 - It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-11410, CVE-2018-11440, CVE-2018-11577
MD5 | fc1bfc637ae762561c44f451839b1f0f
Page 3 of 229
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    10 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close