Ubuntu Security Notice 4236-1 - It was discovered that Libgcrypt was susceptible to a ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information.
7b6be66250d233504f1e911ac51bd610Ubuntu Security Notice 4235-1 - Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations.
c85cca82ee0dd4f5217de8cc90b4a010Ubuntu Security Notice 4047-2 - USN-4047-1 fixed a vulnerability in libvirt. This update provides the corresponding update for Ubuntu 14.04 ESM. Matthias Gerstner and J
5c0cf3b857919078bd5bd13419eb3f7dUbuntu Security Notice 4234-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass Content Security Policy restrictions, conduct cross-site scripting attacks, or execute arbitrary code.
1a51e76c4ef522241e5832bf35b5dcacUbuntu Security Notice 4233-1 - As a security improvement, this update marks SHA1 as being untrusted for digital signature operations.
4c61bb799a11420b0c407dfd226a28a4Ubuntu Security Notice 4231-1 - It was discovered that NSS incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
381e5df5e85c95d2f787828815e59e9fUbuntu Security Notice 4232-1 - It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
6e0f8d7ab4bdae6eb6b56cb6d1f61cbcUbuntu Security Notice 4230-1 - It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.
9ec43d4e23a0a0f5d23598ba601e2381Ubuntu Security Notice 4227-2 - USN-4227-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 ESM. It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
733793ffe11e2ea71e09be545be0d3ddUbuntu Security Notice 4228-2 - USN-4228-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
dc07d1323ab7cc3470e1c99c2befa13eUbuntu Security Notice 4228-1 - It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
f4feac3e893b6407d1f30572c9700e9aUbuntu Security Notice 4227-1 - It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
864d760849ca5c09092d63bb995d330dUbuntu Security Notice 4226-1 - Michael Hanselmann discovered that the CIFS implementation in the Linux kernel did not sanitize paths returned by an SMB server. An attacker controlling an SMB server could use this to overwrite arbitrary files. It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
6ffbd397b56749edf4497b880653407fUbuntu Security Notice 4225-1 - It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
5705c3fff1cb46069231ce3d34d20efaThis Metasploit module uses Reptile rootkit's reptile_cmd backdoor executable to gain root privileges using the root command. This module has been tested successfully with Reptile from master branch (2019-03-04) on Ubuntu 18.04.3 (x64) and Linux Mint 19 (x64).
a45009c7d529d2cc46cd3ba0f3c2c122This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on Fedora 13 (i686) kernel version 2.6.33.3-85.fc13.i686.PAE and Ubuntu 10.04 (x86_64) with kernel version 2.6.32-21-generic.
ae11a67b34fba9d465c0f0b7d84392d0Ubuntu Security Notice 4224-1 - Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts.
4dce413f4936a997f159dadad90f4e0aUbuntu Security Notice 4223-1 - Jan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a side- channel vulnerability existed in the ECDSA implementation in OpenJDK. An Attacker could use this to expose sensitive information. It was discovered that the Socket implementation in OpenJDK did not properly restrict the creation of subclasses with a custom Socket implementation. An attacker could use this to specially create a Java class that could possibly bypass Java sandbox restrictions. Various other issues were also addressed.
7c8115a6198c52530eaa647fbdfc5290Ubuntu Security Notice 4222-1 - It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
5c90512df80195dd969c960e5a312b12Ubuntu Security Notice 4214-2 - USN-4214-1 fixed a vulnerability in RabbitMQ. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
531ff27eaa01727b4de3f3657de0cfcfUbuntu Security Notice 4217-2 - USN-4217-1 fixed several vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM. Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. Various other issues were also addressed.
8f8bc5296135141a6c216b6ebef1839aUbuntu Security Notice 4221-1 - It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service.
812516e31f9aef99777b56d729dd109cUbuntu Security Notice 4202-2 - USN-4202-1 fixed vulnerabilities in Thunderbird. After upgrading, Thunderbird created a new profile for some users. This update fixes the problem. It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting attacks, or execute arbitrary code. A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code.
9fff7c893619a32a00e008fd58151899Ubuntu Security Notice 4220-1 - Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory.
76398bb59611f119d1c7e1fb55b430e6Ubuntu Security Notice 4219-1 - It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server.
83a46e77959c6c7efba0b0d10a2979bf
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed