Ubuntu Security Notice 6400-1 - It was discovered that Python did not properly provide constant-time processing for a crypto operation. An attacker could possibly use this issue to perform a timing attack and recover sensitive information.
78f05f302971fdd61c41b154c5089eddceaa4838a9b6ffba2b409c27fe5f9ad4
Ubuntu Security Notice 1517-1 - It was discovered that the Mono System.Web library incorrectly filtered certain error messages related to forbidden files. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. It was discovered that the Mono System.Web library incorrectly handled the EnableViewStateMac property. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. This issue only affected Ubuntu 10.04 LTS. Various other issues were also addressed.
be0532b5d29f4ce5ef9813a17a2367a5ec386f67370f51d9825d90b7a5f27ec2
Ubuntu Security Notice 1516-1 - It was discovered that OpenSSL incorrectly handled the SSL_OP_ALL setting. This resulted in TLS 1.1 and TLS 1.2 being inadvertently disabled for certain server and client applications.
f2262e55a41ba5619c60cd6ba0d89acc3919c82392ab15e2dd986d7c27563ab8
Ubuntu Security Notice 1515-1 - An error was discovered in the Linux kernel's memory subsystem (hugetlb). An unprivileged local user could exploit this flaw to cause a denial of service (crash the system).
908d6a9a0c0821a79bc5cf79e57840b3dad2e4da19e3a8fd156866d4b8a0c82b
Ubuntu Security Notice 1513-1 - Mateusz Jurczyk discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly obtain sensitive information. Mateusz Jurczyk discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
478214c4d3e32e1c8fdcb76337db0b554d6781b86f323a6fdbd0ee1bf03843a4
Ubuntu Security Notice 1512-1 - It was discovered that KDE PIM html renderer incorrectly enabled JavaScript, Java and Plugins. A remote attacker could use this flaw to send an email with embedded JavaScript that possibly executes when opened.
0eb443866af01d8f0bed2a8e0d40c11f7d181c581505d2a58166201be1c354b9
Ubuntu Security Notice 1511-1 - Huzaifa Sidhpurwala discovered that the tiff2pdf utility incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
6d79518b72d5ecf13083c6ab3b54a05a6a053fc38887997dd9f4db4d024afa41
Ubuntu Security Notice 1509-2 - USN-1509-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Mario Gomes discovered that the address bar may be incorrectly updated. Drag-and-drop events in the address bar may cause the address of the previous site to be displayed while a new page is loaded. An attacker could exploit this to conduct phishing attacks. Various other issues were also addressed.
b1ee2d19edb1e54a769ce1ce1b5a11a33062791df60b43418b7c279fd06fdf69
Ubuntu Security Notice 1510-1 - Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Abhishek Arya discovered four memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
7fbdf2d13586540712963a954d0d8a000a7e4308b3fd503169a4afc53c390b15
Ubuntu Security Notice 1509-1 - Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Mario Gomes discovered that the address bar may be incorrectly updated. Drag-and-drop events in the address bar may cause the address of the previous site to be displayed while a new page is loaded. An attacker could exploit this to conduct phishing attacks. Various other issues were also addressed.
a4eb4b9de1ce5cbd28ed980c6239c941877de08af4eee9399df2938af61e201b
Ubuntu Security Notice 1508-1 - An error was discovered in the Linux kernel's memory subsystem (hugetlb). An unprivileged local user could exploit this flaw to cause a denial of service (crash the system).
f96ecd0c79ded94b46672835106ed3ee93cec325c6aea648c545e47aa4af9647
Ubuntu Security Notice 1507-1 - A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. An error was found in the Linux kernel's IPv6 netfilter when connection tracking is enabled. A remote attacker could exploit this flaw to crash a system if it is using IPv6 with the nf_contrack_ipv6 kernel module loaded. Various other issues were also addressed.
16f2b75936f467bc23ca10f8ddc7c026a0d723c0ceef279e65985417b73730bc
Ubuntu Security Notice 1505-1 - It was discovered that multiple flaws existed in the CORBA (Common Object Request Broker Architecture) implementation in OpenJDK. An attacker could create a Java application or applet that used these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that multiple flaws existed in the OpenJDK font manager's layout lookup implementation. A attacker could specially craft a font file that could cause a denial of service through crashing the JVM (Java Virtual Machine) or possibly execute arbitrary code. Various other issues were also addressed.
d9174e9a4ed57d8cbb518a50151cad98d40855786e4a1d98cef9256e2cf24668
Ubuntu Security Notice 1506-1 - It was discovered that Puppet incorrectly handled certain HTTP GET requests. An attacker could use this flaw with a valid client certificate to retrieve arbitrary files from the Puppet master. It was discovered that Puppet incorrectly handled Delete requests. If a Puppet master were reconfigured to allow the "Delete" method, an attacker on an authenticated host could use this flaw to delete arbitrary files from the Puppet server, leading to a denial of service. Various other issues were also addressed.
2db822b8deddc568488cbb2592bc0d946bcd94f89af0b800dc6692643cf7a671
Ubuntu Security Notice 1504-1 - It was discovered that Qt did not properly handle wildcard domain names or IP addresses in the Common Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. This issue only affected Ubuntu 10.04 LTS. A heap-based buffer overflow was discovered in the HarfBuzz module. If a user were tricked into opening a crafted font file in a Qt application, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
38f8026f04706275efcfb7cc11205b775caa2dd43f788cbc9c811568afc13863
Ubuntu Security Notice 1503-1 - Hans Spaans discovered that the Context plugin in Rhythmbox created a temporary directory in an insecure manner. A local attacker could exploit this to execute arbitrary code as the user invoking the program. The Context plugin is disabled by default in Ubuntu.
df547307b999909e8ad311c8eb23837293bda1c1769f52bf417f2bfd35e2b199
Ubuntu Security Notice 1501-1 - Dan Prince discovered that the Nova scheduler, when using DifferentHostFilter or SameHostFilter, would make repeated database instance lookup calls based on passed scheduler hints. An authenticated attacker could use this to cause a denial of service.
7e3dd9ba09ba9cf2f97f1ef47bab66d628a4da3485835ae1321b2dd8ba55018e
Ubuntu Security Notice 1502-1 - Ken Mixter discovered a format string vulnerability in the LogVHdrMessageVerb function in xorg-server when handling input device names. This could allow a local attacker to cause a denial of service or possibly execute arbitrary code. The default compiler options for the affected release should reduce the vulnerability to a denial of service.
243a8325cf6cb68a4b306b912c804202fe4dda9c207c1b4d5321c2ec7f9d93e5
Ubuntu Security Notice 1500-1 - Evgeny Boger discovered that Pidgin incorrectly handled buddy list messages in the AIM and ICQ protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. Thijs Alkemade discovered that Pidgin incorrectly handled malformed voice and video chat requests in the XMPP protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. Various other issues were also addressed.
a749885c45d3ed6a82077ecb3953f73e5275c512532f5583f18a44f27c49d270
Ubuntu Security Notice 1499-1 - A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).
ef05151a339827bd665036be138d551449abec4cd1acf946dbcc634acafed160
Ubuntu Security Notice 1498-1 - It was discovered that the TIFF library incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. It was discovered that the tiff2pdf utility incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
3b79f4af0c1548cb1ed223db3afc67082ff8290dc8746f691a68cb86abbbd616
Ubuntu Security Notice 1497-1 - Matthias Weckbecker discovered that, when using the OpenStack API to setup libvirt-based hypervisors, an authenticated user could inject files in arbitrary locations on the file system of the host running Nova. A remote attacker could use this to gain root privileges. This issue only affects Ubuntu 12.04 LTS. Padraig Brady discovered that an authenticated user could corrupt arbitrary files of the host running Nova. A remote attacker could use this to cause a denial of service or possibly gain privileges. Various other issues were also addressed.
6e12798a2feb912d78105cce29f97f758bf35dbc4d8aa8f5c10843511e3f1435
Ubuntu Security Notice 1495-1 - Integer overflows were discovered in the graphics loading code of several different image types. If a user were tricked into opening a specially crafted file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Sven Jacobi discovered an integer overflow when processing Escher graphics records. If a user were tricked into opening a specially crafted PowerPoint file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
617a6c43b47fc945fe320c3985b9aff5125c701754e92f77d4b51afa4f2dda8a
Ubuntu Security Notice 1496-1 - A stack-based buffer overflow was discovered in the Lotus Word Pro import filter in OpenOffice.org. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Huzaifa Sidhpurwala discovered that OpenOffice.org could be made to crash if it opened a specially crafted Word document. Integer overflows were discovered in the graphics loading code of several different image types. If a user were tricked into opening a specially crafted file, an attacker could cause OpenOffice.org to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
6d337c7be5b6468659a8a20b6abfe0b12aceb6daf7137e5e7fc42af784c51ab0
Ubuntu Security Notice 1494-1 - A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).
f137e62a4681a574d3de6129ce4e63221ef6ad665fac5aa66f74a74d396ed2ef
Ubuntu Security Notice 1493-1 - Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges.
77525d18fe3903454b40d845ae40d20592c749585227b9b425eaaa4ee7df89b9